Dave,

W2K Server comes with an optional routing package that includes OSPF.  For
NT you can install the "Routing and RAS" package which also includes OSPF:

<http://www.microsoft.com/ntserver/nts/downloads/winfeatures/rras/rrasdown.asp>

I played around with the R&R package in a lab some time ago and it was
functional, YMMV.

HTH,
Kent

-------------------------------------------------------------------------
Howdy, folks. I've been monitoring/researching threads re: OSPF neighbors
separated by a firewall. I've worked and worked on this, and have given up
on the notion (BTW, it boils down to hellos [both multicast and unicast]
being sent with a TTL of 1, *not* simply opening the right ports/protocols).
Too many people that have never touched a sniffer keep commenting on this
OSPF issue. Onward...

For security reasons, I don't like the idea of tunneling OSPF through the
firewall (via GRE or whatever), because there's no way for the firewall to
apply policy to the tunnel traffic (if the tunnel were maliciously used to
pass non-OSPF traffic, the firewall would be oblivious).

Many contributors out there seem to feel that passing routing info across a
firewall is a "bad thing." A firewall *is* a router (and by virtue, it has
an obligation to participate in enterprise routing), but let's consider
real-life needs, such as bringing B2B connections through your firewall (a
"good thing"). If I have frame and VPN routers sitting on an isolated leg
of the firewall, I *certainly* need to know about those routes as they pop
up and down (static = "bad thing"). Although I do not terminate VPN
connections *on* my firewalls, the firewall should be able to inject those
routes into your routing environment, as well.

Now, I'm trying to locate an OSPF product that can be installed *on* the
firewall. The Nokia implementation natively supports several routing
protocols, but I'm running v4.1 SP5 on NT Enterprise. I'm not concerned
about the security implications, because it's easy enough to block OSPF
on/from interfaces, hosts, nets, etc. GateD *sounded* cool, until I learned
that it's only available on Unix (comments withheld, so please point your
flame throwers elsewhere).

So, does anyone out there have a recommendation for (or any successes with)
an OSPF module that can be installed under NT/2000? Much appreciated.

Dave Row
CCNA, MCSE, CCSA
Senior Network Analyst

-- 
Firewalls mailing list - [ [EMAIL PROTECTED] ]
To unsubscribe: http://www.isc.org/services/public/lists/firewalls.html
