Hi,
There is a sample config on Cisco site using GRE tunnel for OSPF traffic thro PIX fw.
hope this info helps.
Tx n RD
----- Original Message -----
Sent: Friday, April 05, 2002 12:13 PM
Subject: Re: PIX and OSPF updates
after two days of awaiting "moderation" i figured i would just
repost from the account i'm subscribed from. sigh.
-
brett
---------- Forwarded message ----------
Date: Wed, 3 Apr 2002 08:37:53 -0800 (PST)
From: Brett Eldridge <[EMAIL PROTECTED]>
To: Burke McCrory <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: PIX and OSPF updates
On Fri, 29 Mar 2002, Burke McCrory wrote:
> I am trying to put a PIX into a network that uses OSPF between its
> routers. So far I haven't been able to find a way to allow the OSPF
> updates to pass through the PIX. Does anyone have any ideas or
> suggestions? Thanks.
the problem you are running into is that OSPF uses multicast by default and the pix won't (and shouldn't) route multicast.
one solution i have used to solve this problem is to force OSPF to use NBMA mode (effectively point-to-point routing updates). each OSPF node is told a specific neighbor to send updates to. i've used both GateD and IOS in these situations (and both with MD5 auth). i'm not sure if NBMA can be used between different subnets though.
i haven't tried this through the pix and i'm not sure the pix can be told to allow ip protocol 89 between specific IP addresses on different interfaces.
-
brett
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls