You 'could' pass a BGP session with a route-map to set next-hop
correctly for both sides of the session.  But you still have the issue
of what routes you are advertising across any NAT.  

The challenge you have is extracting value from running some dynamic
routing over a statically configured device (PIX).  There are a few cases
where it makes sense but not many.

Darrell

Tom Martin wrote:
> 
> Pat,
> 
> Getting a PIX to pass OSPF would require one of two methods:  Routing or
> NAT.  First, the PIX isn't a router, and if it were it still wouldn't work
> since OSPF LSAs are sent to the non-routable 224.0.0.5/6 addresses (as
> well as have a TTL of 1).  NAT is not a viable alternative as NAT will not
> change the payload of OSPF packets, a requirement as networks would appear
> differently on one side than on the other.
> 
> An alternative, although it probably introduces an unwanted security
> problem, is to allow an IP-IP or GRE tunnel through the firewall.  With
> OSPF packets encapsulated inside the tunnel NAT becomes a non-issue.  Of
> course, if you implement this type of solution you could encrypt data sent
> through the tunnel which is better than nothing -- but I would not
> implement a solution like this for long-term use.
> 
> - Tom
> 
> In article , "Patrick Ramsey"
>  wrote:
> 
> > First thought is that this will not work.  imagine this and tell me what
> > you think.
> >
> > In pix, your ACLs are based on tcp/udp/icmp.... these all are
> > protocols, like ospf is its own protocol... since ospf (protocol 89) is
> > separate, opening up a port dealing with tcp/udp/icmp would be
> > completely useless.
> >
> > -Patrick
> >
> >>>> "pat"  10/29/01 11:01PM >>>
> > Does anybody have any ideas on how to run OSPF across firewall. What
> > ports to be open & how to make router establish neighbour relations across
> > firewall.
> >
> > Any thought on this will be greatly appreciated.
> >
> > Thanks,
> > patterson.
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34358&t=24608
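
Added example, not part of the original thread: a small Python check that reads the IPv4 header fields discussed above (protocol number, destination, TTL) and reports why an OSPF hello cannot cross a routed or port-filtered hop, while a GRE tunnel packet or a BGP session can. The helper names, the reason labels and all addresses are assumptions made for illustration; the packets are constructed samples.

```python
import ipaddress
import struct

IP_HDR = "!BBHHHBBH4s4s"            # fixed 20-byte IPv4 header, no options
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre", 89: "ospf"}
LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")   # never forwarded off-link

def ipv4_header(proto, ttl, src, dst):
    """Build a constructed IPv4 header (checksum left at 0, no payload)."""
    return struct.pack(IP_HDR, 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def assess(packet):
    """Return (protocol name, reasons the packet is awkward for the firewall)."""
    fields = struct.unpack(IP_HDR, packet[:20])
    ttl, proto, dst = fields[5], fields[6], ipaddress.ip_address(fields[9])
    reasons = []
    if proto not in (1, 6, 17):
        # Not tcp/udp/icmp: no port to open, only a protocol-level rule matches.
        reasons.append("needs-protocol-rule")
    if dst in LOCAL_MCAST:
        # 224.0.0.5/6 are link-local multicast groups; a router will not forward them.
        reasons.append("link-local-multicast")
    if ttl <= 1:
        # A TTL of 1 expires at the first routed hop.
        reasons.append("ttl-expires-at-next-hop")
    return PROTO_NAMES.get(proto, str(proto)), reasons

# Constructed samples: an OSPF hello, the same traffic carried inside a GRE
# tunnel between two routers, and a unicast TCP packet such as a BGP session.
SAMPLES = {
    "ospf hello": ipv4_header(89, 1, "10.1.1.1", "224.0.0.5"),
    "gre tunnel": ipv4_header(47, 255, "10.1.1.1", "192.0.2.2"),
    "bgp (tcp)": ipv4_header(6, 64, "10.1.1.1", "192.0.2.2"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, assess(pkt))
```
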