RE: Passing Routing information across Firewall

From: sean@ttank.com
Date: Tue Sep 03 2002 - 22:05:56 GMT-3


Charles,

If you are talking about the PIX firewall, it does not have support for
routing protocols.
But, as far as I know, you have two options to allow routing protocols
through PIX:

1. Configure a static route or default route on the outside interface and
define a conduit for a particular routing protocol, for example:

route outside ip_address netmask gateway_ip
conduit permit ospf host source_addr host dest_addr

Also, a static NAT pointer, if NAT is involved:
static (inside,outside) outside_ip_address inside_ip_address netmask mask

2. Use IPSec tunneling between routing end-points through PIX. You need to
configure the following:
sysopt connection permit-ipsec

And the regular IPSec, ISAKMP configurations you'd need to make IPSec work.

HTH.

- Sean Liu

CCIE, CCNP, CCDP, CCSE,
AIX-CATE, CNE, MCSE+I

Think Tank Systems, LLC

"Charles Huang" <routing@icharles.no-ip.com>
Sent by: nobody@groupstudy.com
09/03/2002 01:15 PM
Please respond to "Charles Huang"

To: "Paul Borghese" <pborghese@groupstudy.com>, "Charles Huang" <routing@icharles.no-ip.com>, "CCIE" <ccielab@groupstudy.com>
cc:
Subject: RE: Passing Routing information across Firewall

firewall does not support any routing protocol (only static routes).
I would like to use either EIGRP or OSPF; even RIP would be fine too.

-----Original Message-----
From: Paul Borghese [mailto:pborghese@groupstudy.com]
Sent: Tuesday, September 03, 2002 9:51 AM
To: Charles Huang; CCIE
Subject: Re: Passing Routing information across Firewall

Which routing protocol are you using? Which firewall are you using? PIX or
Router with Firewall featureset?

Paul
----- Original Message -----
From: "Charles Huang" <routing@icharles.no-ip.com>
To: "CCIE" <ccielab@groupstudy.com>
Sent: Tuesday, September 03, 2002 3:18 PM
Subject: OT: Passing Routing information across Firewall

> Hi All,
>
> This may be a bit OT.
>
> Does anybody know how to pass routing information across the firewall?
> A tunnel would be an option to pass routing updates ONLY. The "normal" IP
> traffic should still pass through the firewall. Assuming the firewall
> does not support any routing protocol. Here is a little diagram that I
> hope might clarify the question.
>
> 10.1.1.0/24--R1--192.168.1.0/24--Firewall--192.168.2.0/24--R2--10.2.2.0/24
>
> R2 needs to learn 10.1.1.0/24 from R1
> R1 needs to learn 10.2.2.0/24 from R2
> A tunnel between R1 & R2 is an option, but only to pass route
> updates/hellos.
> All IP traffic must route through the firewall.
>
>
> Any help would be appreciated
> Thanks in advance
> Charles



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:43 GMT-3