2 x routeros 64 (vm)
connected to Cisco ASA5520
ospf 1 on the asa connects to the 2 routeros vms
I use md5 authentication
all works fine
I added another router ospf process, number 2 to the asa and on another interface
on that vlan I have 2 more routeros
I have BGP setup on these routers and i redistributes from BGP into ospf
on these routers os boxes I keep getting
Discarding packet: MD5 authentication failed
invalid sequence number
one one routeros bdr is not liking the 3rd node.
where are the 3rd node which is not a dr or a bdr is not liking either node.
BUT the routes are propogating… the ASA doesn’t do iBGP and it has all the routes!
I also see this message in the Logs when I enable MD5 authentication between Mikrotik routers, but not between a Cisco and a MTK router. I’ve sent the bug report to support but after some mails, they stopped updating me about the status of this problem.
I don’t know if those problems are related, but maybe they are.
yes BUT
The ASA 5510, ASA 5520, ASA 5540, ASA 5550, and ASA 5580 are not supported in this release or later. ASA Version 9.1 was the final release for these models.
Bummer I missed the caveat. Sorry to get your hopes up.
However, it just hit me that because you are using a separate OSPF process, you may be running into an issue with the instance numbering which isn’t easy to change in Cisco - I believe it is hard set to 0 in IOS/ASA.
Are you using different instance IDs across the OSPF processes?
Instance-id is an interface specific OSPF attribute that allows you to identify OSPF processes when running multiple over the same interface. I’ve seen issues where Mikrotik is running an instance id of 1 on an interface and the Cisco device has an id of 0 - if that happens, you will have a hard time getting OSPF to work properly.
I missed the caveat. Sorry to get your hopes up.