From: Roberts, Larry (Larry.Roberts@expanets.com)
Date: Tue Sep 03 2002 - 23:26:17 GMT-3
Point of correction.
The PIX can listen to RIP updates, and can send out a RIP default route.
6.3 will supposedly support OSPF as well, but that is hearsay at this point.
( version 5.2(5) shown below )
PIXFIREWALL(config)# rip ?
usage: [no] rip <if_name> default|passive [version <1|2>] [authentication <text|md5> <key> <key id>]
Thanks
Larry
-----Original Message-----
From: sean@ttank.com [mailto:sean@ttank.com]
Sent: Tuesday, September 03, 2002 8:06 PM
To: ccielab@groupstudy.com
Cc: nobody@groupstudy.com; pborghese@groupstudy.com;
routing@icharles.no-ip.com
Subject: RE: Passing Routing information across Firewall
Charles,
If you are talking about PIX firewall, it does not have support for routing
protocols. But, as far as I know, you have two options to allow routing
protocols through PIX:
1. Configure a static route or default route on the outside interface and
define a conduit for a particular routing protocol, for example:
    route outside ip_address netmask gateway_ip
    conduit permit ospf host source_addr host dest_addr
Also, a static NAT pointer, if NAT is involved:
    static (inside,outside) outside_ip_address inside_ip_address netmask mask
2. Use IPSec tunneling between routing end-points through PIX; you need to
configure the following:
    sysopt connection permit-ipsec
And the regular IPSec, ISAKMP configurations you'd need to make IPSec work.
HTH.
- Sean Liu
CCIE, CCNP, CCDP, CCSE,
AIX-CATE, CNE, MCSE+I
Think Tank Systems, LLC
From: "Charles Huang" <routing@icharles.no-ip.com>
Sent by: nobody@groupstudy.com
Sent: 09/03/2002 01:15 PM
Please respond to: "Charles Huang"
To: "Paul Borghese" <pborghese@groupstudy.com>, "Charles Huang" <routing@icharles.no-ip.com>, "CCIE" <ccielab@groupstudy.com>
cc:
Subject: RE: Passing Routing information across Firewall
firewall does not support any routing protocol ( only static routes ). I
would like to use either EIGRP, OSPF or even RIP would be fine too.
-----Original Message-----
From: Paul Borghese [mailto:pborghese@groupstudy.com]
Sent: Tuesday, September 03, 2002 9:51 AM
To: Charles Huang; CCIE
Subject: Re: Passing Routing information across Firewall
Which routing protocol are you using? Which firewall are you using? PIX or
Router with Firewall featureset?
Paul
----- Original Message -----
From: "Charles Huang" <routing@icharles.no-ip.com>
To: "CCIE" <ccielab@groupstudy.com>
Sent: Tuesday, September 03, 2002 3:18 PM
Subject: OT: Passing Routing information across Firewall
> Hi All,
>
> This may be a bit OT.
>
> Does anybody know how to pass routing information across the firewall?
> A tunnel would be an option to pass routing updates ONLY. The "normal"
> IP traffic should still pass through the firewall. Assuming the
> firewall does not support any routing protocol. Here is a little
> diagram; hope it might clarify the question.
>
> 10.1.1.0/24--R1--192.168.1.0/24--Firewall--192.168.2.0/24--R2--10.2.2.0/24
>
> R2 needs to learn 10.1.1.0/24 from R1
> R1 needs to learn 10.2.2.0/24 from R2
> A tunnel between R1 & R2 is an option, but only to pass route
> update/hello only. All IP traffic must route through the firewall.
>
>
> Any help would be appreciated
> Thanks in advance
> Charles
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:43 GMT-3