Re: PIX and OSPF help! (Revisited)

2001-01-02 Thread gwakin

it is my understanding that a GRE tunnel is required for passing multicast traffic over
a VPN link... however I won't even attempt to forge a working config here- you're better
off checking CCO for that.

GWA

Nabil Fares wrote:

> Greetings,
>
> I can't seem to find any information about PIX passing OSPF traffic between
> routers.  I'm trying to install a PIX515 between 2 regional routers.
>
> Router-C1--PIX515---Router-C2
>
> Cisco recommends using the OSPF neighbor command, anyone out there used this
> configuration before?  Any information would be helpful.
>
> Thanks,
>
> Nabil
>
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




RE: PIX and OSPF help! (Revisited)

2001-01-02 Thread Chuck Larrieu

You can always check:

http://www.cisco.com/warp/public/471/top_issues/vpn/vpn_index.shtml

There is a very large (2 meg plus) document on CCO called ipsc_dg.pdf

IPSec Design guide. You get to it through the www.cisco.com/tac link, but it
can be a bit indirect, and the actual link to the document off the tac page
is broken. I haven't tried in a while to download this document. You may
need a CCO login to do so. Over 300 pages and tons of configuration
examples.

HTH

Chuck

-Original Message-
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
gwakin
Sent:   Tuesday, January 02, 2001 9:19 AM
To: [EMAIL PROTECTED]
Subject:        Re: PIX and OSPF help! (Revisited)

it is my understanding that a GRE tunnel is required for passing multicast traffic over
a VPN link... however I won't even attempt to forge a working config here- you're better
off checking CCO for that.

GWA

Nabil Fares wrote:

> Greetings,
>
> I can't seem to find any information about PIX passing OSPF traffic between
> routers.  I'm trying to install a PIX515 between 2 regional routers.
>
> Router-C1--PIX515---Router-C2
>
> Cisco recommends using the OSPF neighbor command, anyone out there used this
> configuration before?  Any information would be helpful.
>
> Thanks,
>
> Nabil
>



Re: PIX and OSPF help! (Revisited)

2001-01-03 Thread Jean-Marc Gilbert

Hi,
A GRE tunnel may be a way, but to simply pass OSPF through a PIX (which discards
Mcast), you may change your OSPF network-type to non-broadcast and specify the
neighbours, and OSPF will then use unicast. You add a conduit in your PIX
config to allow traffic between your neighbours, it should do the job.

Hope this helps,
 Jean-Marc
On 02-Jan-01 gwakin wrote:
> it is my understanding that a GRE tunnel is required for passing multicast traffic over
> a VPN link... however I won't even attempt to forge a working config here- you're better
> off checking CCO for that.
> 
> GWA
> 
> Nabil Fares wrote:
> 
>> Greetings,
>>
>> I can't seem to find any information about PIX passing OSPF traffic between
>> routers.  I'm trying to install a PIX515 between 2 regional routers.
>>
>> Router-C1--PIX515---Router-C2
>>
>> Cisco recommends using the OSPF neighbor command, anyone out there used this
>> configuration before?  Any information would be helpful.
>>
>> Thanks,
>>
>> Nabil
>>

--
E-Mail: Jean-Marc Gilbert <[EMAIL PROTECTED]>
Date: 03-Jan-01
Time: 22:52:17
--




RE: PIX and OSPF help! (Revisited)

2001-01-04 Thread Adam Quiggle

Nabil,

Looking back on my post to this thread I realized I forgot to answer the
original question.  Yes you can set up a GRE tunnel to pass your OSPF
traffic from one router to another router.

Below is a working config for a multipoint GRE tunnel that uses OSPF.
This is just one config file from which four routers were participating
in a multipoint GRE tunnel. What makes this interesting is that the
hub router (which was not participating in OSPF) had no idea about the
routes being exchanged by the four tail routers.  This is very similar
to what you are trying to do (except for the multipoint tunnel). I think
you should be able to glean what you are looking for from the following
config.  If not let me know.  Don't forget to open up IP port 47 on your
firewall so that tunnel traffic can get through.

HTH,
AQ

version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Dwyer_Inc
!
interface Loopback100
 ip address 1.1.1.1 255.255.255.255
!
! Multipoint GRE tunnel; OSPF treats it as non-broadcast, so neighbors are listed statically below
interface Tunnel100
 ip address 200.200.0.1 255.255.255.0
 no ip redirects
 ip nhrp map 200.200.0.2 192.168.20.2
 ip nhrp network-id 200
 ip nhrp nhs 200.200.0.2
 ip ospf network non-broadcast
 tunnel source Serial0
 tunnel mode gre multipoint
 tunnel key 200
!
interface Ethernet0
 ip address 200.200.110.1 255.255.255.0
!
interface Serial0
 ip address 192.168.10.2 255.255.255.0
!
interface Serial1
 no ip address
 shutdown
!
! EIGRP covers only the Serial0 transport network
router eigrp 10
 network 192.168.10.0
!
! OSPF covers the tunnel (200.200.0.0/24) and Ethernet0 (200.200.110.0/24)
router ospf 25
 network 200.200.0.0 0.0.255.255 area 0
 neighbor 200.200.0.2 priority 1
 neighbor 200.200.0.3 priority 1
 neighbor 200.200.0.4 priority 1
!
ip classless
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 exec-timeout 0 0
 login
!
end




>-Original Message-
>From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>gwakin
>Sent:   Tuesday, January 02, 2001 9:19 AM
>To: [EMAIL PROTECTED]
>Subject:    Re: PIX and OSPF help! (Revisited)
>
>it is my understanding that a GRE tunnel is required for passing multicast traffic over
>a VPN link... however I won't even attempt to forge a working config here- you're better
>off checking CCO for that.
>
>GWA
>
>Nabil Fares wrote:
>
> > Greetings,
> >
> > I can't seem to find any information about PIX passing OSPF traffic between
> > routers.  I'm trying to install a PIX515 between 2 regional routers.
> >
> > Router-C1--PIX515---Router-C2
> >
> > Cisco recommends using the OSPF neighbor command, anyone out there used this
> > configuration before?  Any information would be helpful.
> >
> > Thanks,
> >
> > Nabil
> >


**
  Adam Quiggle
  Senior Network Engineer
  MCI Worldcom/NOC/BP Amoco
  [EMAIL PROTECTED]
**
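
Added example, not part of the original thread or of Adam's config: a point-to-point GRE version of the setup discussed above for Router-C1--PIX515---Router-C2, with OSPF running over the tunnel and the PIX permitting only GRE between the two tunnel endpoints. All addresses, interface names and the OSPF process number are constructed for illustration, and the PIX lines assume the static/conduit syntax of PIX software of that era.

```cisco
! ----- Router-C1 (inside the PIX); all addresses are constructed -----
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source Ethernet0
 tunnel destination 192.168.2.2
!
interface Ethernet0
 ip address 192.168.1.2 255.255.255.0
!
! Only the tunnel subnet is placed in OSPF here. Add LAN networks as needed,
! but keep the tunnel endpoint subnets out of OSPF to avoid recursive routing.
router ospf 25
 network 10.255.0.0 0.0.0.3 area 0
!
! Reach the far tunnel endpoint through the PIX inside interface
ip route 192.168.2.2 255.255.255.255 192.168.1.1

! ----- Router-C2 (outside the PIX) -----
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source Ethernet0
 tunnel destination 192.168.1.2
!
interface Ethernet0
 ip address 192.168.2.2 255.255.255.0
!
router ospf 25
 network 10.255.0.0 0.0.0.3 area 0
!
! Reach the far tunnel endpoint through the PIX outside interface
ip route 192.168.1.2 255.255.255.255 192.168.2.1

: ----- PIX515 (lines starting with ":" are PIX comments) -----
ip address inside 192.168.1.1 255.255.255.0
ip address outside 192.168.2.1 255.255.255.0
: Identity static so Router-C1 keeps its own address on the outside
static (inside,outside) 192.168.1.2 192.168.1.2 netmask 255.255.255.255
: GRE is IP protocol 47, not a TCP/UDP port. Permit it only between
: the two tunnel endpoints rather than to or from "any".
conduit permit gre host 192.168.1.2 host 192.168.2.2
```

Because the tunnel is point-to-point, OSPF hellos are carried as multicast inside GRE and no neighbor statements are needed; the firewall sees only protocol 47 between the two hosts.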
