Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
360
Views
0
Helpful
1
Replies

PIX OSPF and RID

wilson_1234_2
Level 3
Level 3

‎01-14-2008 07:15 AM - edited ‎03-11-2019 04:47 AM

I have two PIX firewalls configured with two OSPF processes.

The edge router is connected to the PIX outside interfaces in one process.

I want to make sure the edge router will alwas prefer one PIX over the other, but the one I want preferred has a lower address on the OSPF interface showing up as the neighbor ID.

The ouside Interfaces are showing up as below from the Internet router:

MCI-

Neighbor ID Pri State Dead Time Address Interface

192.168.7.1 1 FULL/DROTHER 00:00:37 20.11.19.8 FastEthernet0/0

192.168.8.1 1 FULL/BDR 00:00:36 20.11.19.6 FastEthernet0/0

I want to make the PIX that owns the 20.11.19.6 interface be the preferred next hop for the edge router, but it is not.

Can I set the RID to a loopback interface on a PIX as you can in a router?

If so, what if I have more than one process, can you have more than one loopback one for each process?

Labels:
0 Helpful
1 Reply 1

bdube
Level 2
Level 2

‎01-14-2008 08:02 AM

I understand you have 2 PIX connected to a common edge router.

To redirect inbound traffic to a preferred PIX, you can set interface cost to the edge router's interfaces giving to the PIXes. In OSPF, lower is better then a lower cost will be choose as the preferred path.

For outbound traffic, you can also set cost to your internal routers to choose a preferred path.

Ben

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card