DOH! Missed a layer in the second diagram. Sorry.
Well it's kind of ugly, but you *could* configure a GRE tunnel between
two routers that are behind the firewalls, and configure the firewalls
to pass GRE for the routers. Then you can run EIGRP through the GRE
tunnel. This is the way I do it when I replace a Frame Relay network
with a VPN based one, the only difference being that both the VPN tunnel
and the GRE tunnel begin and terminate on the routers with no firewalls
in between.
Ugly, but answers your question directly and will work:

R1------FW1---------FW2------R2
        IPSEC-----IPSEC
GRE-------------------------GRE
EIGRP---------------------EIGRP

Better Topology:

R1---------------------------R2
IPSEC---------------------IPSEC
GRE-------------------------GRE
EIGRP---------------------EIGRP

-----Original Message-----
From: Symon Thurlow [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 24, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] EIGRP through checkpoing ng site-to-site vpn
EIGRP relies on Multicast, so it might be difficult....

-----Original Message-----
From: Gill, Craig [mailto:[EMAIL PROTECTED]]
Sent: 24 September 2002 15:26
To: [EMAIL PROTECTED]
Subject: [FW-1] EIGRP through checkpoing ng site-to-site vpn
Is there any way to get Cisco's EIGRP working through a site-to-site VPN?
Craig
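
An added example, not part of the thread or any poster's configuration: the first topology from the top reply (GRE between R1 and R2 across the FW1-FW2 VPN, EIGRP inside the tunnel) in Cisco IOS syntax. All addresses, the tunnel number and EIGRP AS 100 are constructed; it assumes both firewalls permit GRE (IP protocol 47) between the two router addresses and carry that traffic in the VPN.

```cisco
! ---- R1 (inside FW1; constructed addressing) ----
interface Tunnel0
 description GRE to R2 across the FW1-FW2 VPN
 ip address 172.16.0.1 255.255.255.252
 ! Leave headroom for GRE plus IPsec overhead; tune for the real path
 ip mtu 1400
 tunnel source 10.1.1.2
 tunnel destination 10.2.1.2
!
! Reach the far tunnel endpoint via FW1, never via the tunnel itself.
! The transit subnet is deliberately kept out of EIGRP so the tunnel
! destination cannot be learned through Tunnel0 (recursive routing).
ip route 10.2.1.2 255.255.255.255 10.1.1.1
!
router eigrp 100
 network 172.16.0.0 0.0.0.3
 network 10.1.10.0 0.0.0.255
 no auto-summary
!
! ---- R2 (inside FW2; mirror image of R1) ----
interface Tunnel0
 description GRE to R1 across the FW2-FW1 VPN
 ip address 172.16.0.2 255.255.255.252
 ip mtu 1400
 tunnel source 10.2.1.2
 tunnel destination 10.1.1.2
!
ip route 10.1.1.2 255.255.255.255 10.2.1.1
!
router eigrp 100
 network 172.16.0.0 0.0.0.3
 network 10.2.10.0 0.0.0.255
 no auto-summary
```

The firewalls see only unicast GRE between 10.1.1.2 and 10.2.1.2; the EIGRP multicast hellos travel inside it. `show ip eigrp neighbors` on either router should list the peer's Tunnel0 address once the tunnel is up.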