OSPF across PIX [7:24608]

2001-10-29 Thread pat
Does anybody has any ideas on how to run OSPF across firewall. What ports to be open & how to make router esablish nighbour relations across firewall. Any thought on this will be greatly appriciated. Thanks, patterson. __ Do You Yahoo!? Make a gre

Re: OSPF across PIX [7:24608]

2002-02-04 Thread Tom Martin
Pat, Getting a PIX to pass OSPF would require one of two methods: Routing or NAT. First, the PIX isn't a router, and if it were it still wouldn't work since OSPF LSAs are sent to the non-routable 224.0.0.5/6 addresses (as well as have a TTL of 1). NAT is not a viable alternative as NAT will no

Re: OSPF across PIX [7:24608]

2002-02-04 Thread Darrell Newcomb
You 'could' pass a BGP session with a route-map to set next-hop correctly for both sides of the session. But you still have the issue of what routes you are advertising across any NAT. The challenge you have is extracting value from running some dynamic routing over a statically configured dev

Re: OSPF across PIX [7:24608]

2001-10-29 Thread Engelhard M. Labiro
ject: OSPF across PIX [7:24608] > Does anybody has any ideas on how to run OSPF across > firewall. What ports to be open & how to make router > esablish nighbour relations across firewall. > > Any thought on this will be greatly apprici

Re: OSPF across PIX [7:24608]

2001-10-29 Thread Engelhard M. Labiro
ts. > > Hope you get the idea. > > - Original Message - > From: "pat" > To: > Sent: Tuesday, October 30, 2001 1:01 PM > Subject: OSPF across PIX [7:24608] > > > > Does anybody has any ideas on how to run OSPF across > > firewall. What por

Re: OSPF across PIX [7:24608]

2001-10-30 Thread Patrick Ramsey
First thought is that this will not work. imagine this and tell me what you think. In pix, your acl's are based on tcp/udp/icmp these all are protocols, like ospf is it's own protocol... since ospf (protocol 89) is separate, opening up a port dealing with tcp/udp/icmp would be completely use

Re: OSPF across PIX [7:24608]

2001-10-30 Thread Patrick Ramsey
hey can speak each other directly without multicasting the hello packets. Hope you get the idea. - Original Message - From: "pat" To: Sent: Tuesday, October 30, 2001 1:01 PM Subject: OSPF across PIX [7:24608] > Does anybody has any ideas on how to run OSPF across > fir

RE: OSPF across PIX [7:24608]

2001-10-30 Thread Mark Smith
: OSPF across PIX [7:24608] ahhh.. I may have to investigate this... This is interesting. I didn't realize pix had this abillity! -Patrick >>> "Engelhard M. Labiro" 10/30/01 12:26AM >>> Pat, Since OSPF uses IP protocol 89, permit this protocol between the

Re: OSPF across PIX [7:24608]

2001-10-30 Thread pat
e > > access-group 102 interface outside > > > > At the OSPF routers, put neighbour command, so > they can speak > > each other directly without multicasting the hello > packets. > > > > Hope you get the idea. > > > > - Original Message

Re: OSPF across PIX [7:24608]

2001-10-30 Thread Gareth Hinton
interfaces, something like this: > > > access-list 101 permit 89 host 1.1.1.1 host > > 2.2.2.2 > > > access-list 102 permit 89 host 2.2.2.2 host > > 1.1.1.1 > > > access-group 101 interface inside > > > access-group 102 interface outside > >

Re: OSPF across PIX [7:24608]

2001-10-30 Thread Allen May
n't be done but I'm always open to finding ways to do the impossible ;) - Original Message - From: "Gareth Hinton" To: Sent: Tuesday, October 30, 2001 6:35 PM Subject: Re: OSPF across PIX [7:24608] > Can you set up a network address translation both ways so that the r

RE: OSPF across PIX [7:24608]

2001-10-31 Thread Jay Creasy
Behalf Of Allen May Sent: Tuesday, October 30, 2001 7:15 PM To: [EMAIL PROTECTED] Subject: Re: OSPF across PIX [7:24608] OK maybe...but wouldn't that be translating an IP address of the neighboring router to something it really isn't & botch up the OSPF table on the remote route

RE: OSPF across PIX [7:24608]

2001-10-31 Thread Kent Hundley
ble explanation. If your game, try the above config and see if OSPF will work. HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of pat Sent: Tuesday, October 30, 2001 2:42 PM To: [EMAIL PROTECTED] Subject: Re: OSPF across PIX [7:24608] Thanks fo

RE: OSPF across PIX [7:24608]

2001-10-31 Thread Chuck Larrieu
tatic translation on either end. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Allen May Sent: Tuesday, October 30, 2001 5:15 PM To: [EMAIL PROTECTED] Subject: Re: OSPF across PIX [7:24608] OK maybe...but wouldn't that be translating an IP a

RE: OSPF across PIX [7:24608]

2001-10-31 Thread Kent Hundley
ble explanation. If your game, try the above config and see if OSPF will work. HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of pat Sent: Tuesday, October 30, 2001 2:42 PM To: [EMAIL PROTECTED] Subject: Re: OSPF across PIX [7:24608] Thanks fo

Re: OSPF across PIX [7:24608]

2001-11-01 Thread Someone
The best way to tackle this, without a doubt, is roll a GRE tunnel. There's tons of documentation on this. -B Robert LaGrasse CCIE #5044 (R/S & ISP/Dial) [EMAIL PROTECTED] ""Patrick Ramsey"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > First thought is that this will not work