https://community.cisco.com/t5/network-security/ospf-in-the-pix/m-p/214903#M610070 <P>Hi</P><P></P><P> We have pix 506 (location A) with ver 6.3(1) vpn lan to lan to the concentrator 3015 (location B). If I have other vpn route ( in the location C) make lan to lan to the PIX 506 (location A), could I enable OSPF in the PIX 506, routing location C traffic to the location B? </P><P></P><P>Thanks</P><P></P><P>ben</P> Fri, 21 Feb 2020 07:32:49 GMT bma 2020-02-21T07:32:49Z https://community.cisco.com/t5/network-security/ospf-in-the-pix/m-p/214903#M610070 <P>Hi</P><P></P><P> We have pix 506 (location A) with ver 6.3(1) vpn lan to lan to the concentrator 3015 (location B). If I have other vpn route ( in the location C) make lan to lan to the PIX 506 (location A), could I enable OSPF in the PIX 506, routing location C traffic to the location B? </P><P></P><P>Thanks</P><P></P><P>ben</P> Fri, 21 Feb 2020 07:32:49 GMT https://community.cisco.com/t5/network-security/ospf-in-the-pix/m-p/214903#M610070 bma 2020-02-21T07:32:49Z https://community.cisco.com/t5/network-security/ospf-in-the-pix/m-p/214904#M610071 <HTML><HEAD></HEAD><BODY><P>I don't think that can be done.</P><P></P><P>When defining crypto ACL on the the 506, what traffic are you going to define as interesting? You can't define a crypto ACL for PIX's outside interface sourcing OSPF traffic. Also, OSPF uses multicast traffic to establish neighbor adjacency, and since the neighbor command is not available on the PIX, you't can't statically configure a neighbor to pass unicast update. IPSec will not pass multicast traffic, only GRE could.</P><P></P><P>The biggest hurdle is that PIX simply won't send traffic out the same interface it receives from, VPN or not. Thus, you can't pass traffic to the PIX and ask it to redirect that traffic out to the Concentrator.</P></BODY></HTML> Thu, 05 Aug 2004 08:06:02 GMT https://community.cisco.com/t5/network-security/ospf-in-the-pix/m-p/214904#M610071 dtangent 2004-08-05T08:06:02Z