08-18-2005 03:35 PM - edited 02-21-2020 01:55 PM
I have read this works and have attempted to configure this with a Netscreen running version 5.2.
The netscreen sends the hello's and the Pix recieves them. I can only get the PIX to send them (what looks to be) in the clear when I enable OSPF on the outside interface. How do I get the PIX to send OSPF over the tunnel. Has any body got this working even between two PIX's?? a config example of that would help me a lot.
Thanks,
Heath
08-18-2005 11:33 PM
Hi,
Have you added the necessary entry to the crypto ACL so that OSPF traffic takes the tunnel?
eg: access-list cryptomap_acl extended permit ospf interface outside host x.x.x.x
HTH
Regards,
Shijo George.
08-19-2005 03:54 AM
Hi,
My crypto mao included the private subnets of each site. I had not done an OSPF entry in the ACL.
Would I not use the Inside as the source? and what about the Dest - should that be the Router_ID of the remote PIX?
Thanks,
08-19-2005 06:59 AM
Hi,
Sample config for OSPF over VPN:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide