RE: EIGRP and firewalls

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Tue Jun 08 2004 - 15:14:23 GMT-3

• Next message: Ahmed Mustafa: "Re: CCIE Wording"
• Previous message: Joseph D. Phillips: "FW: EIGRP and firewalls"
• Maybe in reply to: Joseph D. Phillips: "EIGRP and firewalls"
• Next in thread: Patrick Torney: "Re: EIGRP and firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Joseph,

        Why not just run a GRE tunnel between the routers and keep the
EIGRP information transparent from the firewall's perspective?

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Joseph D. Phillips
> Sent: Tuesday, June 08, 2004 12:05 PM
> To: Group Study (E-mail)
> Subject: EIGRP and firewalls
>
> I would guess that you can't form a neighborship between an EIGRP
speaker
> with a public address and an EIGRP speaker behind a firewall whose
address
> is in the private range, thanks to network address translation.
>
> I should think, however, that there are ways of configuring firewalls
to
> allow the multicast hello traffic transit to the necessary interfaces.
The
> firewall I use at work does routing as well.
>
>
>
> -----Original Message-----
> From: Joe Chang [mailto:changjoe@earthlink.net]
> Sent: Tuesday, June 08, 2004 09:54
> To: Victor Kasacavage; Moreau, Franck; ccielab@groupstudy.com; 'Dan'
> Subject: Re: My first but not last :( - Need your help.
>
>
> I guess the question would be whether the firewall can alter the IP
> information in EIGRP's RTP packets. Would a Cisco manufactured
firewall be
> able to do that?
>
> By the way, that's some great advice, thank you Victor.
>
> > RTR A ---- FIREWALL --- RTR B
> >
> > RTR A and RTR B use EIGRP. Make the routes in RTR A appear on RTR B
> > routing table.
> >
> > Now, what is the problem being presented
> > what are the possible options
> > which is the best possible solution
> >
> > The problem is that EIGRP doesn't work through firewalls.....why? It
is
> > very important to understand the why part as this will let you know
if
> you
> > really understand how EIGRP works (I'll leave this one up to the
group)
>
>

• Next message: Ahmed Mustafa: "Re: CCIE Wording"
• Previous message: Joseph D. Phillips: "FW: EIGRP and firewalls"
• Maybe in reply to: Joseph D. Phillips: "EIGRP and firewalls"
• Next in thread: Patrick Torney: "Re: EIGRP and firewalls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:35 GMT-3