Re: PIX 7.0 - OSPF over VPN

HEATH FREEL · ‎08-18-2005

I have read this works and have attempted to configure this with a Netscreen running version 5.2.

The netscreen sends the hello's and the Pix recieves them. I can only get the PIX to send them (what looks to be) in the clear when I enable OSPF on the outside interface. How do I get the PIX to send OSPF over the tunnel. Has any body got this working even between two PIX's?? a config example of that would help me a lot.

Thanks,

Heath

shijogeorge · ‎08-18-2005

Hi,

Have you added the necessary entry to the crypto ACL so that OSPF traffic takes the tunnel?

eg: access-list cryptomap_acl extended permit ospf interface outside host x.x.x.x

HTH

Regards,

Shijo George.

HEATH FREEL · ‎08-19-2005

Hi,

My crypto mao included the private subnets of each site. I had not done an OSPF entry in the ACL.

Would I not use the Inside as the source? and what about the Dest - should that be the Router_ID of the remote PIX?

Thanks,

yongl · ‎08-19-2005

Hi,

Sample config for OSPF over VPN:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804acfea.shtml