On Fri, 29 Mar 2002, Burke McCrory wrote:

> I am trying to put a PIX into a network that uses OSPF between its
> routers. So far I haven't been able to find a way to allow the OSPF
> updates to pass through the PIX. Does anyone have any ideas or
> suggestions? Thanks.

the problem you are running into is that OSPF uses multicast by default and the pix won't (and shouldn't) route multicast. one solution i have used to solve this problem is to force OSPF to use NBMA mode (effectively point-to-point routing updates). each OSPF node is told a specific neighbor to send updates to. i've used both GateD and IOS in these situations (and both with MD5 auth).

i haven't tried this through the pix and i'm not sure the pix can be told to allow ip protocol 89 between specific IP addresses on different interfaces.

- brett

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
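
The router side of the NBMA approach described in the reply above, as an added IOS configuration example that is not part of the original thread. The addresses, interface names, process id and key string are constructed placeholders, and the two routers are assumed to share one subnet; nothing here configures or tests the PIX.

```cisco
! Router A (constructed example values throughout)
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ! Stop sending hellos to 224.0.0.5; hellos go unicast to configured neighbors
 ip ospf network non-broadcast
 ! MD5 authentication key; key id and string must match on both routers
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY-REPLACE-ME
!
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
 ! Require MD5 authentication for every adjacency in area 0
 area 0 authentication message-digest
 ! The specific neighbor this router sends OSPF packets to
 neighbor 192.0.2.2 priority 1
!
! Router B mirrors Router A
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 ip ospf network non-broadcast
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY-REPLACE-ME
!
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
 area 0 authentication message-digest
 neighbor 192.0.2.1 priority 1
!
! Verify from either router:
!   show ip ospf neighbor               (adjacency should reach FULL)
!   show ip ospf interface FastEthernet0/0
!     (network type NON_BROADCAST, message digest authentication enabled)
```

With this in place the only OSPF traffic between the two routers is IP protocol 89 sent unicast between 192.0.2.1 and 192.0.2.2, which is the traffic any filter between them would have to permit.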
