Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
0
Helpful
4
Replies

OSPF over PIX w/ 6.2

Go to solution
rgrcommo
Level 1
Level 1

‎02-02-2004 12:14 AM - edited ‎02-20-2020 11:13 PM

Ok 6.3 code is out of the question for this example. I am looking for any solutions for 6.2 code only. Thanks in advance!

Here is the setup:

(in)r1--->area 1 |PIX| area 1 ---->(out)r2--->s0/0--area 0

r1 is in AS 1 , r2 is in AS 2 and has area 0 off of s0/0 interface. r1 also has area 2 off of s0/0 interface. I am looking for examples on how to run OSPF from r1 to r2 with r1 being in area 2 and r2 being in area 0 without using a GRE tunnel. I could redistribute OSPF thru BGP but would this be the best/only solution..? Any suggestions would be great.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
aacole
Level 5
Level 5
In response to rgrcommo

‎02-04-2004 01:04 AM

Jeff,

In the solution I implemented BGP was the only routing protocol passed through the firewall. Initially I tried to set the PIX up to allow traffic through thinking I could use the OSPF neighbour feature so the routers could see each other. This failed, as that feature also uses multicast traffic, which the PIX drops.

So in the end I redistributed OSPF into BGP, tunneled the routing information through the firewall and redistributed back into OSPF.

I didnt try using a virtual link, but as OSPF relies heavily on multicast traffic I'm sure such a link would fail also.

Virtual links are often described as `tunnels' but that is intended to promote understanding of the concept, they only operate within contiguous OSPF networks.

6.3 sounding attractive yet??

View solution in original post

0 Helpful
4 Replies 4

Go to solution
aacole
Level 5
Level 5

‎02-03-2004 07:18 AM

I had exactly the same application also based on pix 6.2. I ended up using BGP through the firewall, as that was the only solution that offered the route filtering as well. The customer considerd the GRE as a bit too risky for his security application, so BGP it was.

Then when 6.3 came along life got a bit easier.

0 Helpful

Go to solution
rgrcommo
Level 1
Level 1
In response to aacole

‎02-03-2004 08:47 AM

Thanks for your reply! To follow up.. How were you able to apply a virtual-link to either side?

And lets say "all" options are open is there any other way that you know of to allow OSPF thru the PIX in with this setup?

thanks- Jeff

0 Helpful

Go to solution
aacole
Level 5
Level 5
In response to rgrcommo

‎02-04-2004 01:04 AM

Jeff,

In the solution I implemented BGP was the only routing protocol passed through the firewall. Initially I tried to set the PIX up to allow traffic through thinking I could use the OSPF neighbour feature so the routers could see each other. This failed, as that feature also uses multicast traffic, which the PIX drops.

So in the end I redistributed OSPF into BGP, tunneled the routing information through the firewall and redistributed back into OSPF.

I didnt try using a virtual link, but as OSPF relies heavily on multicast traffic I'm sure such a link would fail also.

Virtual links are often described as `tunnels' but that is intended to promote understanding of the concept, they only operate within contiguous OSPF networks.

6.3 sounding attractive yet??

0 Helpful

Go to solution
rgrcommo
Level 1
Level 1
In response to aacole

‎02-04-2004 05:59 AM

thanks for the feedback!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card