RE: Passing Routing information across Firewall

From: ted.mcdermott@exeloncorp.com
Date: Tue Sep 03 2002 - 14:29:13 GMT-3


Charles,

        It depends on the routing protocol you need to pass. Often, it's
BGP. You do that by 1) allowing TCP connectivity between the end points,
such as the IP addresses of the interior and exterior router, and then 2)
allowing the routing protocol port number, in the case of BGP, TCP port 179,
to flow between the same two routers.

Ted

-----Original Message-----
From: Dan Lockwood [mailto:dlockwood@shastalink.k12.ca.us]
Sent: Tuesday, September 03, 2002 12:49 PM
To: Charles Huang; CCIE
Subject: RE: Passing Routing information across Firewall

There is a TAC article that talks about using GRE tunnels to pass
routing information.

http://www.cisco.com/warp/public/707/tunnel_pix.shtml

-----Original Message-----
From: Charles Huang [mailto:routing@icharles.no-ip.com]
Sent: Tuesday, September 03, 2002 12:19 PM
To: CCIE
Subject: OT: Passing Routing information across Firewall

Hi All,

This may be a bit OT.

Does anybody know how to pass routing information across the firewall?
A tunnel would be an option to pass routing updates ONLY. The "normal" IP
traffic should still pass through the firewall. Assuming the firewall
does not support any routing protocol. Here is a little diagram; hope it
might clarify the question.

10.1.1.0/24--R1--192.168.1.0/24--Firewall--192.168.2.0/24--R2--10.2.2.0/24

R2 needs to learn 10.1.1.0/24 from R1
R1 needs to learn 10.2.2.0/24 from R2
A tunnel between R1 & R2 is an option, but only to pass route
update/hello. All IP traffic must route through the firewall.

Any help would be appreciated
Thanks in advance
Charles
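
The rule shape described in Ted's reply (TCP port 179 between the two router addresses only) can be checked mechanically. The following is an added example, not code from the thread: a first-match rule audit that confirms BGP is permitted in both directions between the routers and flags any permit wider than that. The router addresses, the `Rule` format and the function names are assumptions made for the illustration, and the firewall is assumed to be stateful, so only the connection-opening packet is evaluated.

```python
import ipaddress
from typing import NamedTuple, Optional

BGP_PORT = 179  # TCP port named in the reply above

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "ip" (any protocol)
    src: str              # source, CIDR notation
    dst: str              # destination, CIDR notation
    dport: Optional[int]  # None means any destination port

def covers(cidr, host):
    return ipaddress.ip_address(host) in ipaddress.ip_network(cidr)

def decide(rules, proto, src, dst, dport):
    """First matching rule wins; no match means deny."""
    for r in rules:
        if (r.proto in ("ip", proto) and covers(r.src, src)
                and covers(r.dst, dst) and r.dport in (None, dport)):
            return r.action
    return "deny"

def audit_bgp_policy(rules, r1, r2):
    """Return findings for the R1<->R2 peering; an empty list means clean."""
    findings = []
    for a, b in ((r1, r2), (r2, r1)):  # either router may open the session
        if decide(rules, "tcp", a, b, BGP_PORT) != "permit":
            findings.append(f"BGP blocked: {a} -> {b} tcp/{BGP_PORT}")
    for r in rules:
        if r.action != "permit":
            continue
        for a, b in ((r1, r2), (r2, r1)):
            if not (covers(r.src, a) and covers(r.dst, b)):
                continue
            exact = (r.proto == "tcp" and r.dport == BGP_PORT
                     and ipaddress.ip_network(r.src).num_addresses == 1
                     and ipaddress.ip_network(r.dst).num_addresses == 1)
            if not exact:  # host-to-host tcp/179 is all the peering needs
                findings.append(f"wider than BGP peering needs: {r}")
            break
    return findings

# Constructed addresses inside the thread's 192.168.1.0/24 and 192.168.2.0/24.
R1, R2 = "192.168.1.1", "192.168.2.2"
TIGHT = [Rule("permit", "tcp", "192.168.1.1/32", "192.168.2.2/32", BGP_PORT),
         Rule("permit", "tcp", "192.168.2.2/32", "192.168.1.1/32", BGP_PORT)]
LOOSE = [Rule("permit", "ip", "192.168.1.0/24", "192.168.2.0/24", None),
         Rule("permit", "tcp", "192.168.2.2/32", "192.168.1.1/32", BGP_PORT)]
```

`audit_bgp_policy(TIGHT, R1, R2)` returns an empty list, while the `LOOSE` policy yields one finding for the subnet-wide permit.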



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:42 GMT-3