ospf bfd with cisco

fat · ‎12-02-2020

Hello,

I'd like to configure OSPF BFD between Fortigate and Cisco ASA.

My settings are as follows, but it didn't work.

I found Forti sent out packets but didn't receive from ASA.

ASA:

interface g0/0

ospf hello-interval 1 ospf dead-interval 3 bfd interval 250 min_rx 250 multiplier 3

Fortigate:

config router ospf

...

config ospf-interface

edit "interco"

set dead-interval 3 set hello-interval 1 set bfd enable

Thanks.

emnoc · ‎12-02-2020

Sounds like the cisco ASA might be setup for bfd correctly. Did you follow the cisco community and execute any debugging on the fortigate ?

Ken Felix Security Blog: BFD fortiagte and junos firewalls (socpuppet.blogspot.com)

I would run a the diag sniffer command and any debug options on the cisco ASA. If your sending to the cisco ASA device and not seeing response you will need to execute the show commands to ensure the interface is bfd enabled.

cisco

sh bfd summary

sh bfd drops

and debug bfd

Post your findings and packet dump here.

Ken Felix

PCNSE

NSE

StrongSwan

fat · ‎12-03-2020

Hello,

Good idea. I used debug bfd on Cisco. It showed nothing.

Finally I found out the issue.

On ASA OSPF interface, I need to add "bfd neighbor x.x.x.x", but it didn't appear on the config output.

The Fortigate config is the same.

Thank you for your help.

emnoc · ‎12-03-2020

Ok cool glad it worked out for you.

Ken Felix

PCNSE

NSE

StrongSwan

ospf bfd with cisco

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website