Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
5
Helpful
3
Replies

PIX ospf configuration question, two processes

wilson_1234_2
Level 3
Level 3

‎09-22-2007 03:32 PM - edited ‎03-11-2019 04:15 AM

We have two PIX firewalls for two different functions, not failover.

Both PIX outside interfaces are in the same VLAN with edge router interface.

The edge router gets the default route from the PE router and distributes it to the intside on both firewalls.

At the moment there are two proccesses in each PIX, proccess 1 on the outside interface and process 2 on the inside interfaces of each PIX

The default route has to be dynamic for our failover scenario.

One PIX seems to be working by distributing the default to the inside, but the other PIX is not and causes problems with the dynamic routing.

Has anyone ever run across this type of scenaro and have some input on the best way to do this?

Any input would be appreciated.

Labels:
Preview file
33 KB
0 Helpful
3 Replies 3

whisperwind
Level 1
Level 1

‎09-22-2007 07:32 PM

What version? Any config you can share?

wilson_1234_2
Level 3
Level 3
In response to whisperwind

‎09-22-2007 09:07 PM

ver 6.3 on both PIXs:

This PIX is working and has adjacentcy, but looking at the "show ospf interface" the process 2 has no interfaces in it, but it does have adjacentcy with edge router and internal devices.

PIX525

router ospf 2

network 2.1.1.64 255.255.255.224 area 0

log-adj-changes

router ospf 1

network 10.1.7.0 255.255.255.0 area 0

network 192.168.1.0 255.255.255.0 area 0

network 192.168.2.0 255.255.255.0 area 0

network 192.168.3.0 255.255.255.0 area 0

network 192.168.4.0 255.255.255.0 area 0

network 192.168.5.0 255.255.255.0 area 0

network 2.1.1.64 255.255.255.224 area 0

log-adj-changes

redistribute static subnets route-map STATIC

redistribute ospf 2 subnets match internal external 1 external 2

default-information originate

This PIX is not forming adcancentcy with edge router, but I don't think I need to really advertise from this PIX, all I need is to get the default router to it and the inside networks to it.

PIX515

router ospf 2

network 2.1.1.64 255.255.255.224 area 0

log-adj-changes

router ospf 1

network 10.5.7.0 255.255.255.0 area 0

network 192.168.8.0 255.255.255.0 area 0

network 192.168.9.0 255.255.255.0 area 0

0 Helpful

wilson_1234_2
Level 3
Level 3
In response to wilson_1234_2

‎09-23-2007 04:56 AM

Sorry, the configs should look like this to match the drawing.

Would it be better to do some distribution in this scenario?

PIX525

router ospf 2

network 2.2.2.0 255.255.255.224 area 0

log-adj-changes

router ospf 1

network 10.5.0.0 255.255.255.0 area 0

network 192.168.1.0 255.255.255.0 area 0

network 192.168.2.0 255.255.255.0 area 0

network 192.168.3.0 255.255.255.0 area 0

network 192.168.4.0 255.255.255.0 area 0

network 192.168.5.0 255.255.255.0 area 0

network 2.2.2.0 255.255.255.224 area 0

log-adj-changes

redistribute static subnets route-map STATIC

redistribute ospf 2 subnets match internal external 1 external 2

default-information originate

This PIX is not forming adcancentcy with edge router, but I don't think I need to really advertise from this PIX, all I need is to get the default router to it and the inside networks to it.

PIX515

router ospf 2

network 2.2.2.0 255.255.255.224 area 0

log-adj-changes

router ospf 1

network 10.1.0.0 255.255.255.0 area 0

network 192.168.8.0 255.255.255.0 area 0

network 192.168.9.0 255.255.255.0 area 0

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card