Strange OSPF Problem

Forum|Forum|13 years ago
August 6, 2012
3 replies
3124 views

I have setup a IPSec VPN to two central FGT (like in every other department) This is the only department running 4.3 at the moment (4.3.8) I have created two Interface based VPNs, which are up and running. No OSPF Routes are transported thou. get router info ospf neighbor shows my central FGT as EXSTART. debugging shows following: id=36868 msg=" OSPF: RECV[DD]: From 192.168.10.8 via CNT-Dep-W1W1:10.10.10.44: MTU size is too large (1412)" I have tried to reduce the mtu on the physical interface where the Interface VPNS terminate to 1400 but still receive the same error. I noticed that with (this) MR3 the VPN Interfaces are no longer shown as Subinterface of the phsical interface? Any hints on what could be the source for that?

rwpatterson

New Member

Have you tried playing with the OSPF interface MTU? CLI only adjustment.

  config router ospf          config ospf-interface              edit " OSPF_Interface"                   set cost 10                  set interface " VPN.Interface"                   set ip xxx.xxx.xxx.xxx                  set mtu 1500                  set network-type point-to-point              next          end  end

This works on at least V4, MR2, P 12.

emnoc

New Member

Yes the MTU ignore needs to be enable from either end. Also ensure your ospf parameters are the same ( hello and dead intervals )

Jan_ScholtenAuthor

New Member

SET MTU 1400 in the central site for just this two OSPF Interfaces sorted the problem. Thanks alot

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded