03-28-2005 05:31 PM - edited 03-03-2019 09:09 AM
I would like to create an EIGRP neighbor relationship between my inside router and my Internet router. There's a PIX firewall in between the two routers.
Any idea if this is possible?
Thanks in advance.
03-28-2005 05:43 PM
Possible? Yes. I have seen it done in the past. It is kind of a hack though and I would not recommend it to my worst ennemy.
The best approach would be to use BGP to propagate dynamic routing updates through the PIX.
Please refer to the following URL for more information on using BGP in this context:
http://www.cisco.com/warp/public/459/BGP-PIX.htm
Hope this helps,
03-28-2005 05:57 PM
Thanks for the reply.
My goal with this is to be able to redistribute my internal routing domain (EIGRP) into OSPF on the Internet router. I have this set up curently without the firewall.
If I was to redistribute EIGRP into BGP on the inside router, run BGP across the firewall, and then redistribute BGP into OSPF on the Internet router, do you think it would work?
George
03-28-2005 09:35 PM
You may also want to consider configuring OSPF on your PIX.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#wp1112559
Daniel
03-28-2005 09:55 PM
Another way to do it, is to use GRE tunnel between end point routers, and then run EIGRP over the tunnel, and allow GRE packets to pass through the PIX from the router;s ip address.
BGP is the preferred way to communicate routing info, across a firewall though.
03-29-2005 05:08 AM
Running GRE through the PIX is not recommended since all your PIX stateful is completely unaware of what's going through it, which defeats the purpose of using a FW in the first place.
Hope this helps,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide