Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
0
Helpful
1
Replies

ospf in the pix

bma
Level 1
Level 1

‎08-04-2004 02:52 PM - edited ‎02-20-2020 11:32 PM

Hi

We have pix 506 (location A) with ver 6.3(1) vpn lan to lan to the concentrator 3015 (location B). If I have other vpn route ( in the location C) make lan to lan to the PIX 506 (location A), could I enable OSPF in the PIX 506, routing location C traffic to the location B?

Thanks

ben

0 Helpful
1 Reply 1

dtangent
Level 1
Level 1

‎08-05-2004 01:06 AM

I don't think that can be done.

When defining crypto ACL on the the 506, what traffic are you going to define as interesting? You can't define a crypto ACL for PIX's outside interface sourcing OSPF traffic. Also, OSPF uses multicast traffic to establish neighbor adjacency, and since the neighbor command is not available on the PIX, you't can't statically configure a neighbor to pass unicast update. IPSec will not pass multicast traffic, only GRE could.

The biggest hurdle is that PIX simply won't send traffic out the same interface it receives from, VPN or not. Thus, you can't pass traffic to the PIX and ask it to redirect that traffic out to the Concentrator.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card