con 0
46 exec-timeout 0 0
47 line aux 0
48 line vty 0 4
49 exec-timeout 0 0
50 login
51 !
52 end
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
gwakin
Sent: Tuesday, January 02, 2001 9:19 AM
To: [EMAIL PROTECTED]
Subject:Re: PIX
Hi,
A GRE tunnel may be a way, but to simply pass OSPF through a PIX (which discard
Mcast), you may change you OSPF network-type to non-broadcast and specify the
neighbours, and OSPF will then use unicast. You add a conduit in your PIX
config to allow traffic between your neighbours, it should do
it is my understanding that a GRE tunnel is required for passing multicast traffic over
a VPN link... however I won't even attempt to forge a working config here- you're
better
off checking CCO for that.
GWA
Nabil Fares wrote:
Greetings,
I can't seem to find any information about PIX
: Tuesday, January 02, 2001 9:19 AM
To: [EMAIL PROTECTED]
Subject:Re: PIX and OSPF help! (Revisited)
it is my understanding that a GRE tunnel is required for passing multicast
traffic over
a VPN link... however I won't even attempt to forge a working config here-
you're better
off checking CCO
PIX won't forward multicast packets as it's a pretty big security risk.. the
way around this for OSPF is to treat the segment with the PIX as a
Non-broadcast network.. OSPF won't try to send updates via the 224.0.0.4
multicast address on Non-broadcast networks, instread you use the "neighor"
Greetings all,
Please forgive me if am asking the same question over and over.
What is the best way to configure the PIX to pass OSPF (Multicast traffic).
I'm adding PIX firewall to regional sites and need to pass OSPF.
Cloud-router--PIX-router
thanks,
Sent: Tuesday, September 19, 2000 9:39 PM
To: John Kaberna
Cc: [EMAIL PROTECTED]; Lorenzo Montezemolo
Subject: Re: PIX and OSPF
But what about the routing updates that needs to be multi casted between the
two
OSPF routers.
"John Kaberna" [EMAIL PROTECTED] on 09/20/2000 02:57:47 AM
this (let me
know if interested).
Sorry guys about this email to John.
Nabil
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Kaberna
Sent: Tuesday, September 19, 2000 8:09 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: PIX and OSPF
Ah yes
6:33 AM
Subject: RE: PIX and OSPF
John,
I'm not asking you to do my work, especially you! You seem very useless at
this point, repeating other members' comments. I thought this list is to
get suggestions, and help each other out. Now, for the second part of
your
question, I would be more
Greetings,
I'm testing PIX515 and I've couple of questions concerning OSPF. I'll be
installing a PIX between 2 7XXX router:
Router-C1--PIX515--Router-C2
OSPF OSPF
Do I've to do anything special on PIX to pass OSPF? Any help is great.
Coming back to the
you can put an explicit neighboring between the routers to avoid using
multicast. then you need to put a coumple conduits to let ospf passtrough.
-Mensaje original-
De: Nabil Fares [SMTP:[EMAIL PROTECTED]]
Enviado el: Tuesday, September 19, 2000 2:38 PM
Para: [EMAIL PROTECTED]
How would this work if NAT were in place? We're thinking about doing
something similar where we have our ISP-managed router passing
default-network information from outside, through the PIX, and to the
inside. Any thoughts?
Lorenzo
""Omar Baceski"" [EMAIL PROTECTED] wrote in message
[EMAIL
Don't pass any info from the ISP inside. Use the PIX as your default
gateway for outbound traffic and on the PIX point the default to the inside
ethernet of your Internet router. On the Internet router point to your
ISP. Very standard practice.
John
Lorenzo Montezemolo [EMAIL PROTECTED]
you can put an explicit neighboring between the routers to avoid using
multicast. then you need to put a coumple conduits to let ospf passtrough.
But why do you want to pass through? It seems counter to good
security practice.
-Mensaje original-
De:Nabil Fares
, September 19, 2000 6:13 PM
Para: [EMAIL PROTECTED]
Asunto: RE: PIX and OSPF
you can put an explicit neighboring between the routers to avoid using
multicast. then you need to put a coumple conduits to let ospf
passtrough.
But why do you want to pass through? It seems counter to good
Like Howard mentioned early. Why would you do this?
- Original Message -
From: Omar Baceski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 3:05 PM
Subject: RE: PIX and OSPF
let me explain
you must make a conduit that let pass the ospf unicast traffic
let me explain
you must make a conduit that let pass the ospf unicast traffic from JUST one
router to the other. and if you are really paranoid you can put md5 auth on
both routers too.
I understand how to pass routing traffic. The question is -- why?
What good does it do for the DMZ to
el: Tuesday, September 19, 2000 7:35 PM
Para: Omar Baceski; [EMAIL PROTECTED]
Asunto: Re: PIX and OSPF
Like Howard mentioned early. Why would you do this?
- Original Message -
From: Omar Baceski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 3
You are still not making any sense at all. Why do you want your internal
network to share routing info with your Internet router?
- Original Message -
From: Omar Baceski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 4:10 PM
Subject: RE: PIX and OSPF
Ah yes Omar. Hey Fares we cannot do your work for you. Care to enlighten
us why you would want to do this?
John
- Original Message -
From: Omar Baceski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 4:41 PM
Subject: RE: PIX and OSPF
this is not my
[EMAIL PROTECTED] (bcc: Abdul
Mateen/Satyam)
Subject: Re: PIX and OSPF
Don't pass any info from the ISP inside. Use the PIX as your default gateway
for outbound traffic and on the PIX point the default to the inside ethernet of
your Internet router. On the Internet router point to you
21 matches
Mail list logo
