Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1129
Views
0
Helpful
4
Replies

Passing OSPF routing -- R1 --> Checkpoint FW -- R2

metzj
Level 1
Level 1

‎05-20-2008 11:32 AM - edited ‎03-03-2019 10:01 PM

What would be the best way to configure OSPF Routing to pass from R1 thru Checkpoint FW to R2 without establishing a GRE Tunnel. I have attmepted this via ethernet interfaces configured with "ip ospf network non-broadcast" command. Specifying neigbhor commands in the OSPF process. Also we are using secondary ip address. I have attached the configs of the two routers. So far All I get on R2 is attempt/drother. Any suggestions are most welcome.

Labels:
Preview file
2 KB
0 Helpful
4 Replies 4

Harold Ritter
Level 12
Level 12

‎05-20-2008 12:04 PM

Joel,

As far as I know, you will only be able to get an adjacency between R1 and R2 if you configure the transparent mode on the Checkpoint FW1 platform. I know this is the case when you use a Cisco FW service module (FWSM).

In routed mode, you will simply not be able to achieve that as the OSPF packets are sent with a TTL of 1 and decremented on the Checkpoint device.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

metzj
Level 1
Level 1
In response to Harold Ritter

‎05-20-2008 01:40 PM

Thank You "hritter" I appreciate the insight with our problem. What is the best way to route through a firewall with a Cisco router on each side.

Thank You

0 Helpful

Harold Ritter
Level 12
Level 12
In response to metzj

‎05-20-2008 04:15 PM

Joel,

As mentioned in my previous post, the best way would probably be to use the transparent mode on the Checkpoint FW-1 device, which would allow you to have an adjacency between R1 and R2.

If you don't want to go from routed to transparent mode, then I would recommend to run BGP through the FW and to redistribute between OSPF and BGP on either side.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

kshortdynasty
Level 1
Level 1
In response to Harold Ritter

‎05-20-2008 05:05 PM

Joel,

Are you trying to run OSPF with the Checkpoint firewall? I've done this and it worked well. There was an FWSM on the inside and a 2600 router on the outside.

If not, what's your reason for not letting the Checkpoint participate in OSPF?

Keith

Co-Founder LinuxDynasty

http://www.linuxdynasty.org

http://www.linuxdynasty.com

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card