OSPF over Tunnel Interface
Network_Admin
Newbie ✭
TZ400 - SonicOS Enhanced 6.5.4.7-83n
OSPF neighbor relationship will not form on a VPN tunnel Interface. Neighbors can ping each other, but the neighbor relationship is stuck in INIT. The other endpoint is an SRX. There is already working OSPF between these two devices with a Point to Point link. I have enabled Multicast on the Tunnel Interface. The error in the SonicWall logs is "OSPF:RECV[] - Cannot find ingress network match".
I tried to Google that error message, with no luck. I have opened a case with support, but figured I'd reach out here to see if anyone has seen it.
Category: Entry Level Firewalls
Answers
Hi @NETWORK_ADMIN,
Thank you for visiting SonicWall Community.
The error message "OSPF:RECV[] - Cannot find ingress network match" sounds to me like there is a network mismatch between either the physical interfaces or VLAN interfaces between the neighbors. My suggestion is to perform a packet monitor on the SonicWall for the OSPF packets and determine if there are any packet drops due to any VLAN ID mismatch or VLAN traffic received on the wrong interface(s).
After the packet monitor, please make sure the MTU on the interface is set to an optimum value.
Hope this helps.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
I have tried "ip ospf mtu-ignore" and matching the MTU (1438) on the remote side. These don't do anything.
I will see if Packet Monitor shows me anything, thanks.
@Network_Admin, when you were testing this, did you disable OSPF on the Point to Point?
Thanks @NETWORK_ADMIN.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
I did not. Why would I do this? My production traffic is using that link, and the routes that come across it.
Hi @Network_Admin
Is this issue still ongoing? I have sent you a PM with a request for the case number if so.
Hi @Network_Admin,
Please make sure the zone assignments of the created network address objects are correct on both ends.
Also check the routing policy matching conditions.
NB: The tunnel will be up and OSPF will be able to detect neighbors; traffic will be blocked to the other side of the tunnel until access rules are created from the local zones to the VPN zone.