
Showing posts from February, 2018

Error Message %DUAL-6-NBRINFO: EIGRP-IPv4 34256

If you see the error %DUAL-6-NBRINFO: EIGRP-IPv4 xxxx is blocked: not on common subnet, it simply means that EIGRP devices are sending multicast hellos on an interface and are configured with a different IP range from the receiving router.

160617: .Feb 22 15:11:05.194 GMT: %DUAL-6-NBRINFO: EIGRP-IPv4 34256: Neighbor 172.31.253.1 (Vlan43) is blocked: not on common subnet (172.31.252.1/31)
160618: .Feb 22 15:11:12.770 GMT: %DUAL-6-NBRINFO: EIGRP-IPv4 34256: Neighbor 192.168.205.0 (Vlan44) is blocked: not on common subnet (192.168.204.1/31)

This is most likely to occur by accident when two subnets are configured on the same VLAN, with EIGRP running on the interface.
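The following is an added example, not part of the original post: a small Python parser that pulls the blocked neighbor, interface and local address out of these messages and reports the smallest prefix that would contain both addresses, which helps when tracing which second subnet has ended up on the VLAN. The function names and the result field names are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the two messages quoted in the post, with the
# line-wrapped neighbor addresses rejoined.
SAMPLE_LOG = """\
160617: .Feb 22 15:11:05.194 GMT: %DUAL-6-NBRINFO: EIGRP-IPv4 34256: Neighbor 172.31.253.1 (Vlan43) is blocked: not on common subnet (172.31.252.1/31)
160618: .Feb 22 15:11:12.770 GMT: %DUAL-6-NBRINFO: EIGRP-IPv4 34256: Neighbor 192.168.205.0 (Vlan44) is blocked: not on common subnet (192.168.204.1/31)
"""

NBRINFO = re.compile(
    r"%DUAL-6-NBRINFO: EIGRP-IPv4 (?P<asn>\d+): "
    r"Neighbor (?P<neighbor>\S+) \((?P<ifname>[^)]+)\) is blocked: "
    r"not on common subnet \((?P<local>[^)]+)\)"
)

def parse_blocked_neighbors(log_text):
    """Return one record per 'not on common subnet' message (hypothetical helper)."""
    findings = []
    for line in log_text.splitlines():
        m = NBRINFO.search(line)
        if not m:
            continue  # unrelated syslog line
        local = ipaddress.ip_interface(m["local"])
        neighbor = ipaddress.ip_address(m["neighbor"])
        # Widen the local subnet one bit at a time until it also holds the
        # neighbor: the result shows how far apart the two ranges are.
        span = local.network
        while neighbor not in span:
            span = span.supernet()
        findings.append({
            "asn": int(m["asn"]),
            "interface": m["ifname"],
            "local": str(local),
            "neighbor": str(neighbor),
            "covering_prefix": str(span),
        })
    return findings

def neighbors_by_interface(findings):
    """Group blocked neighbor addresses by the interface that heard them."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["interface"]].append(f["neighbor"])
    return dict(grouped)

if __name__ == "__main__":
    for f in parse_blocked_neighbors(SAMPLE_LOG):
        print(f)
```
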

ASA5585-X Does not support EIGRP between contexts

Since upgrading to the ASA5585-X firewall running in multi-context mode we have had a number of questions around functionality. We raised a case with Cisco TAC to find out why EIGRP peering is not supported between contexts. This was their response:

Thank you for your patience on this case; the behavior you are seeing on the ASA is expected since inter-context exchange of multicast is not supported.

“Context Guidelines
EIGRP instances cannot form adjacencies with each other across shared interfaces because inter-context exchange of multicast traffic is not supported.”
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/route-eigrp.html#ID-2179-0000001b

As a workaround, you can configure static neighbors but it is supported only on point-to-point links.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuo76566/?reffering_site=dumpcr

So due to inter-context exchange of multicast traffic not being supported, EI

ASA5585-X Multi Context mode does not allow clientless webvpn access.

Since migrating to an ASA5585-X running in multi context mode, we have been unable to use the clientless webvpn mode to push down the AnyConnect software. We opened a TAC case and got this response from Cisco.

Thanks for the information provided. Unfortunately clientless webvpn access is not supported in multiple context mode, that is the reason why you get the “Internal server error” when trying to access the ASA using a browser. While using the ASA in multiple context mode you need to find an alternative way to distribute the AnyConnect software and profile to the remote users since you won’t be able to provide it directly from the ASA.

The following enhancement request was opened to address this issue in future releases:

ENH: Add Features in Remote Access VPN in Multi-Context Mode
CSCuw19758

Description
Symptom: This is an Enhancement Request
Add support for below features in Remote Access VPN in Multi-Context Mode:
1. Username-from-certificate and prefill