We have two 6509s and two ASA 5510s (In active/standby failover), cabled as follows:
ASA(active/standby), one Ethernet to each 6509 on VLAN 100 running HSRP.
So, the ASA has an active IP of 10.1.1.233/29, the VLAN 100 has .234 and
235/29 with 236 as the HSRP address.The inside interface of each ASA is connected one of the 6509s. These two connections are in the same VLAN, running HSRP, this is in a /29 subnet, with one IP on the ASA (active) and another on the ASA (standby) and one each on each 6509.
All of the end-user devices are split between each switch (half on one, half on the other).
They are all configured in the same VLANs (a VLAN that is on SW1 is also on SW2, and the VLAN has a unique IP on each switch, with a standby IP address that is common to both).
PROBLEM:
We are seeing routing loops between the ASAs and the 6509s (seeing intermittent packet loss on pings).
Some PCs have trouble pinging their default gateways.
Some PCs have limited connectivity outside the network (through the ASA) and others have trouble connecting to other VLANs.
My proposed solution is to split the VLANs into different subnets so that we do not have two IP addresses for each subnet (or is this unnecessary because HSRP is ensuring that it appears to be only one)?
If this is not the solution, what is?
The ASAs have static routes pointing to the virtual IP address of VLAN 100, but the OSPF learned routes are also showing up in the routing table.
Jonathan