https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192708#M590318 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>This is most likely to late of an "update" message but you could still use ver 6.2 on the PIX although upgrading would most likely be you best option.</P><P></P><P>You can put EIGRP over a PIX running 6.2 w/o tunneling it - this is very easy to do in fact. It is the defacto standard that everyone must think that EIGRP is not able to pass through a PIX w/o using a tunnel. BGP will pass thru opening an access list of course and so will EIGRP infact IGRP and RIP will also pass thru the pix.</P><P></P><P>There are two ways to do this not using a tunnel. The first way is to use double NAT on the PIX. The second way is the cleanest way is to just use one to one networks in different subnets outside and inside.</P><P></P><P>This is all possible because each of these routing protocols have a ttl of 2 where OSPF has a ttl of 1 and this is not possible.</P><P></P><P>Anyway just an FYI </P><P></P><P>Jeff</P><P></P></BODY></HTML> Mon, 24 Nov 2003 08:55:54 GMT rgrcommo 2003-11-24T08:55:54Z https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192703#M590311 <P>I need to advertise route from the inside of the pix to the outside of the pix. I am using EIGRP inside and outside(but can use any routing protocol). Is this possible? If so what is the best way to do it?</P><P></P><P>Thanks,</P><P>Jamey</P> Fri, 21 Feb 2020 06:57:30 GMT https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192703#M590311 jkampmeyer 2020-02-21T06:57:30Z https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192704#M590312 <HTML><HEAD></HEAD><BODY><P>Jamey,</P><P></P><P>As you probably know, there is no way to natively pass EIGRP updates through the PIX. You pretty much have two options here:</P><P></P><P>1) create a GRE tunnel between the inside and outside router and pass your EIGRP updates across this. You will need to create a 1:1 static on the PIX and allow GRE to flow between the two hosts.</P><P></P><P>2) upgrade to 6.3 code on your PIX and configure OSPF. You would then redistribute your EIGRP routes into OSPF which the PIX would understand and advertise to the outside router. Once there, you can redistribute back into EIGRP if you want to.</P><P></P><P>BGP is the only routing protocol that will actually "pass" through the PIX without piping it through a GRE tunnel.</P><P></P><P>Scott</P></BODY></HTML> Thu, 28 Aug 2003 01:10:21 GMT https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192704#M590312 scoclayton 2003-08-28T01:10:21Z https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192705#M590314 <HTML><HEAD></HEAD><BODY><P>Thanks Scott.</P><P>In 6.3 will OSPF redistribute? With RIP the routes will not redistribute.</P><P></P><P>Jamey</P></BODY></HTML> Thu, 28 Aug 2003 12:49:55 GMT https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192705#M590314 jkampmeyer 2003-08-28T12:49:55Z https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192706#M590315 <HTML><HEAD></HEAD><BODY><P>OSPF on the PIX will redistribute between OSPF processes on the PIX. In other words, you can have two OSPF processes running - one for the inside and one for the outside (for instance). You can redistribute from one OSPF process to the other if you want to. Or, you could just put both interfaces into one OSPF process and let PIX update the remote routers with the route updates. Clear or explained poorly?</P><P></P><P>Scott</P></BODY></HTML> Thu, 28 Aug 2003 12:57:49 GMT https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192706#M590315 scoclayton 2003-08-28T12:57:49Z https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192707#M590316 <HTML><HEAD></HEAD><BODY><P>Very clear. Thanks again for the help. I will be upgrading to 6.3</P><P></P><P>Jamey</P></BODY></HTML> Thu, 28 Aug 2003 13:00:25 GMT https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192707#M590316 jkampmeyer 2003-08-28T13:00:25Z https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192708#M590318 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>This is most likely to late of an "update" message but you could still use ver 6.2 on the PIX although upgrading would most likely be you best option.</P><P></P><P>You can put EIGRP over a PIX running 6.2 w/o tunneling it - this is very easy to do in fact. It is the defacto standard that everyone must think that EIGRP is not able to pass through a PIX w/o using a tunnel. BGP will pass thru opening an access list of course and so will EIGRP infact IGRP and RIP will also pass thru the pix.</P><P></P><P>There are two ways to do this not using a tunnel. The first way is to use double NAT on the PIX. The second way is the cleanest way is to just use one to one networks in different subnets outside and inside.</P><P></P><P>This is all possible because each of these routing protocols have a ttl of 2 where OSPF has a ttl of 1 and this is not possible.</P><P></P><P>Anyway just an FYI </P><P></P><P>Jeff</P><P></P></BODY></HTML> Mon, 24 Nov 2003 08:55:54 GMT https://community.cisco.com/t5/network-security/routing-protocols-through-the-pix/m-p/192708#M590318 rgrcommo 2003-11-24T08:55:54Z