From: maureen schaar (maureen.schaar@gmail.com)
Date: Tue Mar 27 2007 - 15:52:13 ART
Assuming running a dynamic protocol through the firewall fits into
your security policies....
On 3/27/07, nem chua <nemthuduc@gmail.com> wrote:
> so it looks like ibgp or EBGP is the only way to get these routes from
> behind the firewall to pass routes into the internal network. I just like
> to keep the internal network simple with one protocol, but looks like I
> don't have a choice.
>
> Thank you all for your response.
>
>
>
> On 3/27/07, maureen schaar <maureen.schaar@gmail.com> wrote:
> > Sorry, will not work with ospf. Check the other post. You would have
> > to make both routes believe they are on the same subnet. Not a very
> > nice configuration with ospf.
> >
> >
> > On 3/27/07, nem chua <nemthuduc@gmail.com> wrote:
> > > Hi, thank you all for your reply. You're absolutely right about IBGP
> > > neighbor does not have to be directly connected. Assuming OSPF is the
> > > protocol using a neighbor statement and ospf nonbroadcast network will allow
> > > OSPF to send unicast messages to the neighbor one hop away and establish
> > > adjacency across the layer 3 firewall? That would be perfect.
> > >
> > >
> > > On 3/27/07, maureen schaar <maureen.schaar@gmail.com> wrote:
> > > > With ibgp there is no need for multihop. You can already peer with
> > > > ibgp on for example the loopbacks without any special config (besides
> > > > setting the update-source). Just needs an underlying igp route!
> > > >
> > > > For the other protocols, if not using a tunnel, you would have to find
> > > > a way to establish an adjacency without broadcasting/multicasting. So
> > > > that would mean:
> > > >
> > > > RIP: passive-interface default + neighbor x.x.x.x
> > > > OSPF: ip ospf network-type nonbroadcast + neighbor x.x.x.x
> > > > EIGRP: neighbor x.x.x.x <outgoing intf>
> > > >
> > > > Maureen
> > > >
> > > > On 3/27/07, nem chua <nemthuduc@gmail.com> wrote:
> > > > > Hi all, I have a unique scenario where we need to establish a dynamic
> > > > > routing protocol over layer 3 firewalls. With EBGP we can do multihop to
> > > > > skip the firewall, but with other protocols such as ospf, eigrp, rip, is
> > > > > there any option to establish a neighbor without using GRE to tunnel over
> > > > > the firewall? Assume in all cases the firewall cannot participate in any
> > > > > routing protocol.
> > > > >
> > > > > Is there a way to do multihop with ibgp? Is there a hop count limit to
> > > > > multihop?
> > > > >
> > > > > Thanks much.
> > > > >
> > > > >
This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:53 ART
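
The iBGP option discussed in the thread, written out as an added example that is not part of any poster's message: two routers peer on their loopbacks across a routed firewall that runs no routing protocol, and the firewall policy is narrowed to that one TCP session. All addresses, the AS number, the ACL name and the password placeholder are constructed; the firewall rule is shown in IOS extended-ACL syntax as a stand-in for whatever the firewall uses and assumes stateful inspection.

```cisco
! --- R1: inside router (constructed addresses) ---
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! The firewall runs no routing protocol, so the route to the peer's
! loopback is static, pointing at the firewall's inside interface.
ip route 192.0.2.2 255.255.255.255 198.51.100.254
!
router bgp 65001
 neighbor 192.0.2.2 remote-as 65001
 neighbor 192.0.2.2 update-source Loopback0
 ! TCP MD5 signature on the session; the firewall must pass
 ! TCP option 19 and leave sequence numbers unchanged.
 neighbor 192.0.2.2 password <SHARED-SECRET-PLACEHOLDER>
!
! --- R2: router behind the firewall (mirror image) ---
interface Loopback0
 ip address 192.0.2.2 255.255.255.255
!
ip route 192.0.2.1 255.255.255.255 203.0.113.254
!
router bgp 65001
 neighbor 192.0.2.1 remote-as 65001
 neighbor 192.0.2.1 update-source Loopback0
 neighbor 192.0.2.1 password <SHARED-SECRET-PLACEHOLDER>
!
! --- Firewall policy (stand-in syntax) ---
! Permit only BGP (TCP/179) between the two loopbacks. Either
! router may open the session, so both directions are listed.
! No OSPF, EIGRP, RIP or GRE is permitted through.
ip access-list extended BGP-PEER-ONLY
 permit tcp host 192.0.2.1 host 192.0.2.2 eq bgp
 permit tcp host 192.0.2.2 host 192.0.2.1 eq bgp
 deny   ip any any log
```

The final `deny ... log` entry makes any other traffic attempting to cross between the routers visible in the firewall logs.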