On Tue, May 28, 2002 at 05:54:00PM -0700, Wade Blackwell wrote:
The only way to pass ospf over an ipsec tunnel is to encap the
multicast hellos into unicast packets. I have done this using gre on
ios, not on pix. I don't believe the pix supports gre yet. You could
encap the ospf on
Good afternoon Kevin,
I am assuming that the NBMA/unicast adjacency is the configurable
unicast neighbor config that you can use in ios. If so then it should
possible to send it over the pix as long as you don't try to pat the
layer 3 proto (esp or AH) into a layer 4 port address
Burke McCrory wrote:
I am trying to put a PIX into a network that uses OSPF between its
routers. So far I haven't been able to find a way to allow the OSPF
updates to pass through the PIX. Does anyone have any ideas or
suggestions? Thanks.
Burke McCrory
Internet Administrator
On Fri, 29 Mar 2002, Burke McCrory wrote:
I am trying to put a PIX into a network that uses OSPF between its
routers. So far I haven't been able to find a way to allow the OSPF
updates to pass through the PIX. Does anyone have any ideas or
suggestions? Thanks.
the problem you are running
On Fri, 29 Mar 2002, Claussen, Ken wrote:
:According to Cisco Documentation:
: PIX Firewall does not pass multicast packets. Many routing protocols
:use multicast packets to transmit their data. If you need to send
:routing protocols across the PIX Firewall, configure the routers with
:the Cisco
PROTECTED], [EMAIL PROTECTED]
Subject: Re: PIX and OSPF updates
On Fri, 29 Mar 2002, Burke McCrory wrote:
I am trying to put a PIX into a network that uses OSPF between its
routers. So far I haven't been able to find a way to allow the OSPF
updates to pass through the PIX. Does anyone have any
]
Sent: Friday, April 05, 2002 12:13
PM
Subject: Re: PIX and OSPF updates
after two days of awaiting "moderation" i figured i would just
repost fromthe account i'm subscribed from. sigh.-
brett-- Forwarded message --Date: Wed, 3 Apr 2002
08:37:53 -0800
On Fri, 29 Mar 2002, Burke McCrory wrote:
I am trying to put a PIX into a network that uses OSPF between its
routers. So far I haven't been able to find a way to allow the OSPF
updates to pass through the PIX. Does anyone have any ideas or
suggestions? Thanks.
(1) switch routing
At 09:14 PM 3/29/2002 -0500, you wrote:
Maybe it's just me here, but I'm not clear on the logic of why you would
want to pass any dynamic routing protocol through a PIX, or any firewall
for that matter.
What Jason illustrates follows what I consider good security practice.
That concept can be
By allowing any dynamic routing protocol through your firewall would make
your new more secure network anything but secure.
At 03:31 PM 4/1/2002 -0600, Burke McCrory wrote:
At 09:14 PM 3/29/2002 -0500, you wrote:
Maybe it's just me here, but I'm not clear on the logic of why you would
want to
Actually, given the appropriate static and alias commands,
I have been able to get all routing protocols _except_ OSPF
to pass through the PIX. (i.e. RIPv1 and v2, IGRP and EIGRP and
BGP) BGP is the only one the you can pass through the PIX
without needing static and alias commands, but the rest
Burke,
What have you attempted so far in order to resolve and on which
devices, the PIX or upstream/downstream router?
The PIX doesn't support dynamic routing protocols such as OSPF, only static/default
routes.
To me this would seem good so the PIX is dedicated to security (stateful
Burke,
Just in case I wasn't clear, try this:
Router APIX Router B
OSPF (all static Static redistributes
updates routes point Routes statics into OSPF
to A to PIX) to
Just a FYI, bgp seems to be about the only protocol
you can pass through a pix without some nasty GRE
tunnel.
--- Jason Ostrom [EMAIL PROTECTED] wrote:
Burke,
What have you attempted so far in order to resolve
and on which
devices, the PIX or upstream/downstream router?
The PIX
]
Subject: Re: PIX and OSPF updates
Just a FYI, bgp seems to be about the only protocol
you can pass through a pix without some nasty GRE
tunnel.
--- Jason Ostrom [EMAIL PROTECTED] wrote:
Burke,
What have you attempted so far in order to resolve
and on which
devices, the PIX or upstream
Title: Re: PIX and OSPF updates
At 12:11 PM -0600 3/29/02, Burke McCrory wrote:
I am trying to put a PIX into a network
that uses OSPF between its routers. So far I haven't been able
to find a way to allow the OSPF updates to pass through the PIX.
Does anyone have any ideas or suggestions
PROTECTED]]
Sent: Friday, March 29, 2002 4:26 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX and OSPF updates
Just a FYI, bgp seems to be about the only protocol
you can pass through a pix without some nasty GRE
tunnel.
--- Jason Ostrom [EMAIL PROTECTED] wrote:
Burke,
What have
17 matches
Mail list logo
