after two days of awaiting "moderation" i figured i would just repost from the account i'm subscribed from. sigh.
- brett

---------- Forwarded message ----------
Date: Wed, 3 Apr 2002 08:37:53 -0800 (PST)
From: Brett Eldridge <[EMAIL PROTECTED]>
To: Burke McCrory <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: PIX and OSPF updates

On Fri, 29 Mar 2002, Burke McCrory wrote:

> I am trying to put a PIX into a network that uses OSPF between its
> routers. So far I haven't been able to find a way to allow the OSPF
> updates to pass through the PIX. Does anyone have any ideas or
> suggestions? Thanks.

the problem you are running into is that OSPF uses multicast by default and the pix won't (and shouldn't) route multicast.

one solution i have used to solve this problem is to force OSPF to use NBMA mode (effectively point-to-point routing updates). each OSPF node is told a specific neighbor to send updates to. i've used both GateD and IOS in these situations (and both with MD5 auth). i'm not sure if NBMA can be used between different subnets though.

i haven't tried this through the pix and i'm not sure the pix can be told to allow ip protocol 89 between specific IP addresses on different interfaces.

- brett

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
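
The router-side setup described in the reply above, as an added example that is not part of the original post: a Cisco IOS fragment that puts the OSPF interface in non-broadcast (NBMA) mode with a statically configured neighbor and MD5 authentication. The addresses (documentation range 192.0.2.0/24), interface name, process ID and key placeholder are assumptions, and both routers are assumed to share one subnet; nothing here covers the PIX itself.

```cisco
! Router A (constructed example; replace <SHARED-KEY> with the real key)
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 ! NBMA mode: hellos are unicast to configured neighbors, not sent to 224.0.0.5
 ip ospf network non-broadcast
 ! MD5 authentication key; key ID and string must match on both routers
 ip ospf message-digest-key 1 md5 <SHARED-KEY>
!
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
 ! require MD5 authentication for every interface in area 0
 area 0 authentication message-digest
 ! the one neighbor this router sends OSPF packets to
 neighbor 192.0.2.2
!
! Router B (mirror image of Router A)
interface Ethernet0
 ip address 192.0.2.2 255.255.255.0
 ip ospf network non-broadcast
 ip ospf message-digest-key 1 md5 <SHARED-KEY>
!
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
 area 0 authentication message-digest
 neighbor 192.0.2.1
```

`show ip ospf neighbor` on either router shows whether the adjacency reached FULL state, and `show ip ospf interface Ethernet0` confirms the network type and that message-digest authentication is enabled.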
