Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fat
New Contributor

OSPF BFD with Cisco

Hello,

 

I'd like to configure OSPF BFD between a FortiGate and a Cisco ASA.

My settings are as follows, but it didn't work.

I found the FortiGate sent out packets but didn't receive any from the ASA.

 

ASA:

interface g0/0
 ospf hello-interval 1
 ospf dead-interval 3
 bfd interval 250 min_rx 250 multiplier 3

FortiGate:

config router ospf
...
config ospf-interface
edit "interco"
 set dead-interval 3
 set hello-interval 1
 set bfd enable

Thanks.

emnoc
Esteemed Contributor III

Sounds like the Cisco ASA might be set up for BFD correctly. Did you follow the Cisco community and execute any debugging on the FortiGate?

 

Ken Felix Security Blog: BFD fortiagte and junos firewalls (socpuppet.blogspot.com)

 

I would run the diag sniffer command and any debug options on the Cisco ASA. If you're sending to the Cisco ASA device and not seeing a response, you will need to execute the show commands to ensure the interface is BFD enabled.

 

Cisco:

sh bfd summary
sh bfd drops

and

debug bfd

 

Post your findings and packet dump here.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

fat
New Contributor

Hello,

 

Good idea. I used debug bfd on the Cisco. It showed nothing.

Finally I found the issue.

On the ASA OSPF interface, I need to add "bfd neighbor x.x.x.x", but it didn't appear in the config output.

The FortiGate config is the same.

 

Thank you for your help.

emnoc
Esteemed Contributor III

OK cool, glad it worked out for you.

 

Ken Felix

 
