Just a FYI, bgp seems to be about the only protocol you can pass through a pix without some nasty GRE tunnel.
--- Jason Ostrom <[EMAIL PROTECTED]> wrote: > Burke, > > What have you attempted so far in order to resolve > and on which > devices, the PIX or upstream/downstream router? > > The PIX doesn't support dynamic routing protocols > such as OSPF, only static/default routes. > To me this would seem good so the PIX is dedicated > to security (stateful inspection/packet > filtering) and then allow the router to make the > intelligent routing > decisions. > > In order to allow the OSPF updates to pass through > the PIX, you need to > configure the routers to redistribute[1] the static > routes received from > the PIX into OSPF. Concentrate on what is being > received from the PIX on the > routers, and less on the PIX configuration. > > Without more information on the network topology and > security > requirements, it's difficult to say for sure what > you need to do on the > other routers. You could do a configuration like > this [2] for two > networks to connect between the PIX, but that is for > a static route on the > routers. If you go with OSPF, then you definitely > need to redistribute. > Because it only uses static routes, the suggested > configuration also begs > the question of why you need the PIX placed between > possibly two different OSPF > areas. Shouldn't the PIX be placed closer to the > network you are protecting? > > > [1] Redistributing Routing > Protocols, > http://www.cisco.com/warp/public/105/redist.html > [2] Configuring the PIX Firewall with Two Internal > Networks, > > http://www.cisco.com/warp/public/110/19b.html > > -jason > > On Fri, 29 Mar 2002, Burke McCrory wrote: > > > I am trying to put a PIX into a network that uses > OSPF between its > > routers. So far I haven't been able to find a way > to allow the OSPF > > updates to pass through the PIX. Does anyone have > any ideas or > > suggestions? Thanks. > > > > > > Burke McCrory > > Internet Administrator > > Oklahoma Tax Commission > > [EMAIL PROTECTED] > > > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls __________________________________________________ Do You Yahoo!? Yahoo! Greetings - send holiday greetings for Easter, Passover http://greetings.yahoo.com/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
