RE: ASA FW blocking OSPF packet

yes ospf on GRE tunnel interface , problem is there no Ospf activity on
router after depoying the ASA , if I removed the ASA font of the router then
OSPF bring up . please see belwo the configuration of router

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cxxxx.xxx address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dmvpnset esp-3des esp-sha-hmac
!
crypto ipsec profile CISCO
 set transform-set dmvpnset
!
!
!
!
interface Loopback1
 ip address 10.0.255.3 255.255.255.255
 load-interval 30
!
interface Tunnel1
 description
 ip address 192.168.xxx.xx 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication dmvpn
 ip nhrp map multicast dynamic
 ip nhrp map multicast 193.xxx.xxx.xx
 ip nhrp map 192.168.xxx.xx 193.xx.xxx.xx
 ip nhrp network-id 99
 ip nhrp holdtime 300
 ip nhrp nhs 192.168.253.1
 no ip route-cache cef
 ip route-cache flow
 ip tcp adjust-mss 1360
 ip ospf network broadcast
 ip ospf hello-interval 30
 ip ospf priority 0
 load-interval 30
 qos pre-classify
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel path-mtu-discovery
 tunnel protection ipsec profile CISCO
 service-policy output BRANCH-LAN
!
interface FastEthernet0/0
 description
 ip address xx.xx.xx.xx 255.255.x.xxx
 ip nbar protocol-discovery

ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
ip route-cache flow
load-interval 30
duplex auto
speed auto
nterface FastEthernet0/1
ip address 10.0.xx.xx 255.255.255.0
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly max-reassemblies 30
ip route-cache flow
load-interval 30
duplex auto
speed auto
outer ospf 1
router-id 10.0.255.3
log-adjacency-changes
area 108 nssa no-summary
network 10.0.xx.xx. 0.0.0.0 area 108
network 10.0.xxx.xx 0.0.0.0 area 108
network 192.168.xx.xx 0.0.0.0 area 108

Date: Sun, 17 Oct 2010 13:21:14 -0500
Subject: Re: ASA FW blocking OSPF packet
From: baker.garry_at_gmail.com
To: i_sameer_at_hotmail.com
CC: ccielab_at_groupstudy.com

will need to see more about your configs and/or simple diagram maybe, do you
have ospf on the tunnel interface?

if so what is the neighbor state?

do you have connectivity to the ospf neighbor/neighbors?

--
Garry L. Baker
"There is no 'patch' for stupidity." - www.sqlsecurity.com
On Sun, Oct 17, 2010 at 1:03 PM, sameer inam <i_sameer_at_hotmail.com> wrote:
running OPSF over the dmvpn ipsec tunnel.
Date: Sun, 17 Oct 2010 11:06:26 -0500
Subject: Re: ASA FW blocking OSPF packet
From: baker.garry_at_gmail.com
To: i_sameer_at_hotmail.com
CC: ccielab_at_groupstudy.com
are you trying to peer with the cisco router as an ospf adj or run ospf over
the dmvpn ipsec tunnel?
--
Garry L. Baker
"There is no 'patch' for stupidity." - www.sqlsecurity.com
On Sun, Oct 17, 2010 at 10:55 AM, sameer inam <i_sameer_at_hotmail.com> wrote:
Hello Expert,
I m trying to install ASA 5505  facing ISP using /30 ip subnet and inside
port
connected to Cisco router with public /29 IP subnet . On router we have
configured DMVPN . issue is Ipsec  works Fine but OSPF on cisco router is not
up after installing the ASA , do you  guys have any idea how I can fix this
issue ?
Note : There is noting  configured on ASA its just having two public IP
addreses. /30 and /29
kInd regards,
Sameer
Blogs and organic groups at http://www.ccie.net