Re: OT: Passing Routing information across Firewall

From: Hansang Bae (hbae@nyc.rr.com)
Date: Wed Sep 04 2002 - 01:44:09 GMT-3

• Next message: sean@ttank.com: "RE: set cam / span"
• Previous message: Hansang Bae: "Re: Frame-Relay PVC/interface go down"
• Maybe in reply to: Charles Huang: "OT: Passing Routing information across Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

At 12:18 PM 9/3/2002 -0700, Charles Huang wrote:
>Hi All,
>This may be a bit OT.
>does anybody know how to pass routing formation across the firewall ?
>tunnel would be an option to pass routing updates ONLY. The "normal" IP
>traffic should still passes through the firewall. Assuming the firewall
>does not support any routing protocol. Here is a little diagram hope it
>might clarify the question.
>
>10.1.1.0/24--R1--192.168.1.0/24--Firewall--192.168.2.0/24--R2--10.2.2.0/24
>
>R2 needs to learn 10.1.1.0/24 from R1
>R1 needs to learn 10.2.2.0/24 from R2
>tunnel between R1 & R2 is an option. but only to pass route update/hello
>only.
>all IP traffic must route through the firewall.

BGP is the way go whenever a FW is concerned. Trying to detect remote side failure can be quite difficult w/o using BGP.

hsb

• Next message: sean@ttank.com: "RE: set cam / span"
• Previous message: Hansang Bae: "Re: Frame-Relay PVC/interface go down"
• Maybe in reply to: Charles Huang: "OT: Passing Routing information across Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:43 GMT-3