a couple of ways to generate the default route from the fw using ospf. you can make the new subnets (the /30 or /29) a stub or totally stub area and the fw will automatically generate a default route to the ssa's. or if you use a normal area, you can force the fw to generate a default route with an additional cmd. depending on your fw vendor, the cmd will vary.
e.g. for cisco fw, the cmd is: Default Information Originate (under the ospf routing process)

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Stephen Loeckle
Sent: Wednesday, June 01, 2011 11:09 AM
To: Enterasys Customer Mailing List
Subject: Re: [enterasys] 2-Default Routes

Hi Walter,

There are no specific ospf commands in the ssa's to receive this information. You will need to configure your firewall to redistribute static routes and the ssa's will receive the default route published by the firewall.

Stephen

----- Original Message -----
From: "Walter Witkowski" <[email protected]>
To: "Enterasys Customer Mailing List" <[email protected]>
Sent: Wednesday, June 1, 2011 9:54:50 AM
Subject: RE: [enterasys] 2-Default Routes

Currently the FW has a default route statement to our F5 Link Controller (handles two ISP's) as well as static routes to the internal networks. We are considering running OSPF in the firewall since we are replacing it now. When you say "have the fw generate a default route to the SSA's" how is this done? Are there specific OSPF commands to do this? I'm not familiar!!!

thnks
waltw

>>> "D'Estienne, Michael" <Michael.D'[email protected]> 6/1/2011 10:24 AM >>>
without knowing your fw setup, my suggestion is:
- you’ll have 2 “inside” fw interfaces
- connect each inside interface to each ssa
- run a /30 or a /29 on each physical link between the fw and the ssa’s
- run ospf between the ssa’s as well to accommodate a local link failure up to the fw, in which case, the ssa will use the x-connect to the other ssa and route to the fw
- have the fw generate a default route to the ssa’s
- each ssa will have a different default gateway ip on the fw
- routing from the fw to the lan subnet will be taken care of by ospf

if you can run virtual fw’s you can do the same setup using a single “inside” interface in each virtual fw, which is what i would do.
mike

From: [email protected] [mailto:[email protected]] On Behalf Of Walter Witkowski
Sent: Wednesday, June 01, 2011 9:57 AM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] 2-Default Routes

I am looking at the traffic flowing from the SSA's to the INTERNET FW. Also in this design question I am considering only a failure of one of the SSA's INTERNET FW connections. VRRP is running on the users side already so the users will be switched to the working SSA if an entire SSA goes away.

I want to create two physical paths and two logical paths to the FW. Each SSA would have its own (and different) default gateway address. Even with the FW participating in OSPF the routers will still need different default gw addresses. With OSPF running in the SSA's will SSA 1 know to send traffic to SSA 2 if its own default gateway interface is no longer available? Are there additional OSPF commands that need to be entered for this to work? Will this work?

thnks
waltw

>>> Michael Votaw - VTI < [email protected] > 5/31/2011 7:12 PM >>>
One idea is to use VRRP for your FW. Set up VRRP on each of the SSAs for their connection to the FW. If one SSA goes down the FW will be sending to the virtual IP and won’t know the difference. The routes on the SSA’s can do whatever they like since they live on the same interface as each other and the FW.

From: Walter Witkowski [mailto:[email protected]]
Sent: Tuesday, May 31, 2011 4:39 PM
To: Enterasys Customer Mailing List
Subject: [enterasys] 2-Default Routes

Hi all,

Here's the network. Two S-Series Routers running OSPF with a routed link between them. Currently only one physical path to the INTERNET FW via a vlan which both routers participate in. Each router has a default route to the FW's ip address.

I want to create two separate physical paths to the INTERNET FW. Each router having its own default route.
How do I advertise this into OSPF so that if one (default route) interface fails the failing router will know how to find the working default route path.

thnks in advance
waltw
