Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
0
Helpful
5
Replies

Routing protocols through the PIX

jkampmeyer
Level 1
Level 1

‎08-27-2003 03:28 PM - edited ‎02-20-2020 10:57 PM

I need to advertise route from the inside of the pix to the outside of the pix. I am using EIGRP inside and outside(but can use any routing protocol). Is this possible? If so what is the best way to do it?

Thanks,

Jamey

0 Helpful
5 Replies 5

scoclayton
Level 7
Level 7

‎08-27-2003 06:10 PM

Jamey,

As you probably know, there is no way to natively pass EIGRP updates through the PIX. You pretty much have two options here:

1) create a GRE tunnel between the inside and outside router and pass your EIGRP updates across this. You will need to create a 1:1 static on the PIX and allow GRE to flow between the two hosts.

2) upgrade to 6.3 code on your PIX and configure OSPF. You would then redistribute your EIGRP routes into OSPF which the PIX would understand and advertise to the outside router. Once there, you can redistribute back into EIGRP if you want to.

BGP is the only routing protocol that will actually "pass" through the PIX without piping it through a GRE tunnel.

Scott

0 Helpful

jkampmeyer
Level 1
Level 1
In response to scoclayton

‎08-28-2003 05:49 AM

Thanks Scott.

In 6.3 will OSPF redistribute? With RIP the routes will not redistribute.

Jamey

0 Helpful

scoclayton
Level 7
Level 7
In response to jkampmeyer

‎08-28-2003 05:57 AM

OSPF on the PIX will redistribute between OSPF processes on the PIX. In other words, you can have two OSPF processes running - one for the inside and one for the outside (for instance). You can redistribute from one OSPF process to the other if you want to. Or, you could just put both interfaces into one OSPF process and let PIX update the remote routers with the route updates. Clear or explained poorly?

Scott

0 Helpful

jkampmeyer
Level 1
Level 1
In response to scoclayton

‎08-28-2003 06:00 AM

Very clear. Thanks again for the help. I will be upgrading to 6.3

Jamey

0 Helpful

rgrcommo
Level 1
Level 1
In response to jkampmeyer

‎11-24-2003 12:55 AM

Hello,

This is most likely to late of an "update" message but you could still use ver 6.2 on the PIX although upgrading would most likely be you best option.

You can put EIGRP over a PIX running 6.2 w/o tunneling it - this is very easy to do in fact. It is the defacto standard that everyone must think that EIGRP is not able to pass through a PIX w/o using a tunnel. BGP will pass thru opening an access list of course and so will EIGRP infact IGRP and RIP will also pass thru the pix.

There are two ways to do this not using a tunnel. The first way is to use double NAT on the PIX. The second way is the cleanest way is to just use one to one networks in different subnets outside and inside.

This is all possible because each of these routing protocols have a ttl of 2 where OSPF has a ttl of 1 and this is not possible.

Anyway just an FYI

Jeff

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card