SRX Services Gateway
Reply
Contributor
paulkil
Posts: 127
Registered: ‎11-05-2010
0

SRX240 to Cisco 4507R OSPF issue

Hi there,

got a SRX 240 cluster connecting to Cisco 4507R Switch and they are running OSPF between the two.

 

I'm seeing routes to each other locally but when I go one hop away on the cisco side I cannot ping the SRX side interface IP address.

 

Any ideas as this?

 

Do you need more info?

 

Thanks,

 

Paul

Contributor
paulkil
Posts: 127
Registered: ‎11-05-2010
0

Re: SRX240 to Cisco 4507R OSPF issue

Now the ospf neighorship is stuck in "EXSTART"

 

Any ideas?

 

Paul

Trusted Contributor
SomeITGuy
Posts: 330
Registered: ‎01-08-2010
0

Re: SRX240 to Cisco 4507R OSPF issue

I haven't done OSPF between a Cisco Switch and an SRX, but my first thought would be to ensure that the VLANs are correct or that the port mode is correct on the switch..

 

The default vLAN and default tagging out of the box for Juniper and Cisco are not compatible, you need to make some configuration changes to make them talk.. 

 

An MTU mismatch would also cause OSPF to fail.

Contributor
paulkil
Posts: 127
Registered: ‎11-05-2010
0

Re: SRX240 to Cisco 4507R OSPF issue

Hey SomelTGuy,

thanks for the post.

 

As this was a production site I just disabled OSPF for the time being and have static routes now doing the job. I'll need to create a lab test and see how I get on before trying to implement OSPF again.

Trusted Contributor
acooley
Posts: 117
Registered: ‎08-07-2010
0

Re: SRX240 to Cisco 4507R OSPF issue

HI  paulkil,

I've had issues with routing assemytricly on the SRX platform. Not the devices fault mind you, they are firewalls by default. If you are just using this as a router w/o no security requirements, maybe disable all the security features according to the KB article KB11963.

 

If you have more details of what the topology looks like and your configuration that would also help this cause a bit.

 

-A

-Adam
Contributor
gogogol
Posts: 31
Registered: ‎08-10-2010
0

Re: SRX240 to Cisco 4507R OSPF issue

Hi Paul,

 

Is the security policy setup correctly on SRX?

Is the zone interface allowed ping on SRX?

Recognized Expert
JNPRdhanks
Posts: 301
Registered: ‎11-01-2010
0

Re: SRX240 to Cisco 4507R OSPF issue

[ Edited ]

It's probably a MTU mismatch between the SRX and the Cisco :smileywink:

 

Enable traceoptions to find out more

 

 

set protocols ospf traceoptions file ospf.debug
set protocols ospf traceoptions flag hello detail
set protocols ospf traceoptions flag state detail
commit and-quit
monitor start ospf.debug

 

 

Doug Hanks
JNCIE-ENT #213, JNCIE-SP #875

Follow me on Twitter @douglashanksjr
Contributor
paulkil
Posts: 127
Registered: ‎11-05-2010
0

Re: SRX240 to Cisco 4507R OSPF issue

Hi Guys,

I finally turned off ospf and just used static routes between the devices....but I still couldn't ping across the link.

 

I did the following:

 

sh route

 

and everything seemed as it should, so too with a "show arp"

 

I opened a ticket with JTAC and they eventually re-set the forwarding table daemon and this got it working again.

 

I haven't yet re-enabled ospf but am waiting for an appropriate opportunity.

 

Thanks for all your help,

 

Paul

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.