From: Brant I. Stevens (branto@branto.com)
Date: Fri Oct 14 2005 - 14:58:49 GMT-3
Is the requirement for dynamic rouuting? If so, then BGP would be the best
solution for something like this, provided that the routers on the inside
and outside are capable of using it.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
kevin gannon
Sent: Friday, October 14, 2005 1:34 PM
To: Feldman, Jim
Cc: Ccie Lab (E-mail)
Subject: Re: The PIX and RIP
Unless the PIX is in transparent mode the RIP will not get accross the PIX
as the TTL of a RIP packet is 1.
GRE is an option but then it will not be possible to inspect the traffic
within the GRE as all traffic will go over the GRE.
Regards
Kevin
On 10/14/05, Feldman, Jim <Jim.Feldman@amex.com> wrote:
>
> Hi Guys,
>
> I want 2 routers to pass rip updates to each other across a PIX firewall.
> The Pix is configured to allow UDP port 520 traffic.
>
> I can think of 2 potential ways to do this:
>
> 1) Use the command, "no validate source-update" because the 2 routers
> are on 2 different subnets.
>
> 2) Set up a gre tunnel across the pix between the 2 routers.
>
>
> Am I correct that both ways will work?
>
> If so, is one way considered better?
>
> TIA, Jim
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3