Good afternoon Kevin,
I am assuming that the NBMA/unicast adjacency is the configurable
unicast neighbor config that you can use in ios. If so then it "should"
possible to send it over the pix as long as you don't try to pat the
layer 3 proto (esp or AH) into a layer 4 port address translated packet
and as long as you make sure your crypto access list is configured to
pass proto 89 I don't see a reason why it shouldn't work. I have not
had the opportunity to try it.
Wade B
Kevin Steves wrote:
>
> On Tue, May 28, 2002 at 05:54:00PM -0700, Wade Blackwell wrote:
> > The only way to pass ospf over an ipsec tunnel is to encap the
> > multicast hellos into unicast packets. I have done this using gre on
> > ios, not on pix. I don't believe the pix supports gre yet. You could
> > encap the ospf on the router behind the pix and have the pix encap the
> > gre, decap on the other end and whalla you have your neighbor
> > adjacency. Let me know if you want more detail. Ciao.
>
> Why won't an NBMA/unicast adjacency work with just proto 89?
--
Wade Blackwell
Washington Mutual Bank
[EMAIL PROTECTED]
Network Security Architect
Aol & Yahoo instant messenger csewadeb
Calendar http://calendar.yahoo.com/csewadeb
(D)206.377.7426 (C)206.930.1822 (F)206.490.6797
smime.p7s
Description: S/MIME Cryptographic Signature
