CCIE Security: Troubleshooting (Ticket #1)

So in getting ready for the CCIE Security lab this year, I’ve been spending some time trying to come up with my own troubleshooting scenarios. The process for this, if you’re curious, is normally born from practicing config and noting issues that come up when I misconfigure something. Then I’ll try to layer it with other similar or related issues. Alright, so let’s write this one up, standard sort of CCIE-ish rules apply.
  • Changes must be specific to issue you’re troubleshooting (i.e. Make your changes as specific as possible)
  • Do not remove any security related configuration. Only adjust or add configuration to correct issues.



R1 and R2 are connected via ASAv1, running in transparent mode. The two routers have (2) loopback interfaces, Loopback1 and Loopback2 addressed as 10.x.x.1/32 and 10.x.x.2/32 where X is the router number. Loopback1 should be learned via OSPF, and is used for BGP peering whereas Loopback2 is advertised by BGP. Neither OSPF or BGP peerings are successfully forming, troubleshoot and resolve so that both routers establish OSPF and BGP peerings. Ping both of R1’s loopback interfaces from both of R2’s loopback interfaces to confirm you’ve resolved the issue. Additionally, match the output below to both routers.

Super Complex Network Diagram

Download Intitial Configs

R1 Output:

R1#show ip route | inc ^B|^O                        
O [110/2] via, 00:09:48, GigabitEthernet1
B [20/0] via, 00:08:54

R1#show bgp ipv4 unicast neighbors | inc md5
Option Flags: nagle, path mtu capable, md5, Retrans timeout 

R2 Output:

R2#show ip route | inc ^B|^O                        
O [110/2] via, 00:11:47, GigabitEthernet1
B [20/0] via, 00:10:52

R2#show bgp ipv4 unicast neighbors | inc md5
Option Flags: nagle, path mtu capable, md5 

Alright interwebs, have at and let me know what you think. Find the solution(s) here.

Leave a Reply