Hello, I have been working on my PA-500 trying to get OSPF to work through an IPSEC site to site VPN. I cannot get OSPF to complete. Looking at the status, I see LSAs sent, but none received. I verified that the other end is configured exactly the same, and even matched them to what I had in my old firewall that I just pulled out. Any help appreciated, Do I need to enable OSPF on the interfaces somehow, like the Host inbound traffic command that Juniper uses on the SRX? It almost seems that something is blocking the LSAs from coming back from the far end, but I dunno because i have not done alot with OSPF. Here are some commands that I ran in the CLI: admin@PA-500> show routing protocol ospf summary ========== router id: 192.168.254.254 virtual router: Default_VR reject default route: reject redist default route: block RFC1583 behavior: no area border router: no AS border router: yes LS type 5 count: 1 LS type 11 count: 0 LS sent count: 203 LS recv count: 0 area id: 0.0.0.0 interface: 172.16.254.3 interface: 192.168.254.254 dynamic neighbors: admin@PA-500> show routing protocol ospf interface ========== virtual router: Default_VR interface name: tunnel.1 interface address: 172.16.254.3 interface type: p2p passive: no area id: 0.0.0.0 router priority: 1 status: p2p transit delay: 1 retry interval: 8 hello interval: 10 dead interval: 40 IP of DR: 0.0.0.0 IP of Backup DR: 0.0.0.0 LSA count: 0 LSA refresh interval: 1800 auth type: none interface metric: 100 ========== virtual router: Default_VR interface name: vlan.1 interface address: 192.168.254.254 interface type: p2p passive: yes area id: 0.0.0.0 router priority: 1 status: p2p transit delay: 1 retry interval: 8 hello interval: 10 dead interval: 40 IP of DR: 0.0.0.0 IP of Backup DR: 0.0.0.0 LSA count: 0 LSA refresh interval: 1800 auth type: none interface metric: 10 admin@PA-500> show routing protocol ospf dumplsdb VIRTUAL ROUTER: Default_VR (id 3) ========== VR Area ID Orig RTR ID LS ID LSA Type Seq Number CheckSum Age 3 0.0.0.0 192.168.254.254 192.168.254.254 type-1 (Router) 0x8000005F 0x00004D71 869 Options: [External] Router LSA Options: [ASBR] Stub Network: 172.16.254.3 Netmask 255.255.255.192, tos 0, metric: 100 Stub Network: 192.168.254.254 Netmask 255.255.255.0, tos 0, metric: 10 3 192.168.254.254 192.168.254.0/24 type-5 (External) 0x8000002E 0x0000E2F2 869 Options: [External] Mask 255.255.255.0, type 2, tos 0 metric: 255, forward 0.0.0.0, tag 0.0.0.0 admin@PA-500> show routing protocol ospf area ========== virtual router: Default_VR area id: 0.0.0.0 range: Normal Area accept summary: yes rounds of SPF calc: 3 area border routers: 0 AS border routers: 1 NSSA translator role: candidate NSSA translate status: disabled transit capability: no LSA refresh interval: 1800 LSA count: 1 LSA count (type 1): 1 LSA count (type 2): 0 LSA count (type 3): 0 LSA count (type 4): 0 LSA count (type 7): 0 LSA count (type 10): 0
... View more