You 'could' pass a BGP session with a route-map to set next-hop
correctly for both sides of the session. But you still have the issue
of what routes you are advertising across any NAT.
The challenge you have is extracting value from running some dynamic
routing over a statically configured dev
Pat,
Getting a PIX to pass OSPF would require one of two methods: Routing or
NAT. First, the PIX isn't a router, and if it were it still wouldn't work
since OSPF LSAs are sent to the non-routable 224.0.0.5/6 addresses (as
well as have a TTL of 1). NAT is not a viable alternative as NAT will no
The best way to tackle this, without a doubt, is roll a GRE tunnel. There's
tons of documentation on this.
-B
Robert LaGrasse
CCIE #5044 (R/S & ISP/Dial)
[EMAIL PROTECTED]
"Patrick Ramsey" wrote in message
news:[EMAIL PROTECTED]...
> First thought is that this will not work
ble explanation.
If you're game, try the above config and see if OSPF will work.
HTH,
Kent
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
pat
Sent: Tuesday, October 30, 2001 2:42 PM
To: [EMAIL PROTECTED]
Subject: Re: OSPF across PIX [7:24608]
Thanks fo
tatic translation on either end.
Chuck
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Allen May
Sent: Tuesday, October 30, 2001 5:15 PM
To: [EMAIL PROTECTED]
Subject: Re: OSPF across PIX [7:24608]
OK maybe...but wouldn't that be translating an IP a
Behalf Of
Allen May
Sent: Tuesday, October 30, 2001 7:15 PM
To: [EMAIL PROTECTED]
Subject: Re: OSPF across PIX [7:24608]
OK maybe...but wouldn't that be translating an IP address of the
neighboring
router to something it really isn't & botch up the OSPF table on the
remote
route
n't be done but I'm always open
to finding ways to do the impossible ;)
- Original Message -
From: "Gareth Hinton"
To:
Sent: Tuesday, October 30, 2001 6:35 PM
Subject: Re: OSPF across PIX [7:24608]
> Can you set up a network address translation both ways so that the r
Can you set up a network address translation both ways so that the routers
think they're talking to a router on the same subnet?
Big guessing going on here (on my part).
Gareth
"pat" wrote in message
news:[EMAIL PROTECTED]...
> Thanks for your reply.
>
> When I try to s
Thanks for your reply.
When I try to specify outside router as neighbor using
neighbor command
I get "OSPF: Neighbor address does not map to an
interface". How do I resolve
this issue ?
What do you mean by "If you are doing NAT then a
global and
nat combination need to represent the internal
: OSPF across PIX [7:24608]
ahhh.. I may have to investigate this... This is interesting. I didn't
realize pix had this ability!
-Patrick
>>> "Engelhard M. Labiro" 10/30/01 12:26AM >>>
Pat,
Since OSPF uses IP protocol 89, permit this protocol between
the two OSPF routers with access-list applied at outside and inside
First thought is that this will not work. imagine this and tell me what you
think.
In pix, your acl's are based on tcp/udp/icmp these all are protocols,
like ospf is its own protocol... since ospf (protocol 89) is separate,
opening up a port dealing with tcp/udp/icmp would be completely use
Sorry, replying to my own message.
The access-list below assumes that you are able to
use nat 0 command (no NAT translation will occur
for the internal IP addresses to be seen from outside
network). If you are doing NAT then a global and
nat combination need to represent the internal IP addresses
to
Pat,
Since OSPF uses IP protocol 89, permit this protocol between
the two OSPF routers with access-list applied at outside and inside
PIX interfaces, something like this:
access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2
access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1
access-group 101 inter