OSPF over PIX w/ 6.2


Re: Re:OSPF over PIX w/ 6.2

Post by theomegadj »

Guest wrote: Jeff, In the solution I implemented BGP was the only routing protocol passed through the firewall. Initially I tried to set the PIX up to allow traffic through thinking I could use the OSPF neighbour feature so the routers could see each other. This failed, as that feature also uses multicast traffic, which the PIX drops. So in the end I redistributed OSPF into BGP, tunneled the routing information through the firewall and redistributed back into OSPF. I didn't try using a virtual link, but as OSPF relies heavily on multicast traffic I'm sure such a link would fail also. Virtual links are often described as 'tunnels' but that is intended to promote understanding of the concept; they only operate within contiguous OSPF networks. 6.3 sounding attractive yet??
The solution would be to establish a tunnel and forward your OSPF multicast to the other site by GRE. GRE will "pick up and drop packets" like that. See this video http://www.youtube.com/watch?v=qdlAas52pEk

Then using SLA Tracking and OSPF routes, and a floating route you can achieve full redundancy. See my 3 site example zip. Look in the configs, see what I'm doing.. I'm also running NAT, IPSec, and a few other tricks.
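A sketch of the GRE approach described in the post above, added here as an illustration; it is not the poster's configuration and not taken from the zip he mentions. All addresses, interface roles, the ACL name and the OSPF process ID are constructed assumptions (R1 sits inside the PIX, R2 outside), and lines starting with `!` are annotations rather than commands.

```cisco
! ---- R1 (IOS router inside the PIX, assumed address 10.1.1.2) ----
interface Tunnel0
 ! Tunnel subnet is constructed; OSPF hellos to 224.0.0.5 are carried
 ! inside unicast GRE, so the PIX never sees the multicast itself.
 ip address 172.16.255.1 255.255.255.252
 ! GRE adds 24 bytes; set the same IP MTU on both ends so the OSPF
 ! database exchange does not stall on an MTU mismatch.
 ip mtu 1476
 tunnel source 10.1.1.2
 tunnel destination 192.0.2.2
!
router ospf 1
 ! Form the adjacency over the tunnel only.
 network 172.16.255.0 0.0.0.3 area 0
!
! Floating static route: administrative distance 250 is higher than
! OSPF's 110, so it is installed only when the OSPF route learned over
! the tunnel disappears. Prefix and backup next hop are assumptions.
ip route 10.20.0.0 255.255.255.0 10.1.1.254 250
!
! ---- R2 (IOS router outside the PIX, assumed address 192.0.2.2) ----
interface Tunnel0
 ip address 172.16.255.2 255.255.255.252
 ip mtu 1476
 tunnel source 192.0.2.2
 tunnel destination 10.1.1.2
!
router ospf 1
 network 172.16.255.0 0.0.0.3 area 0
!
! ---- PIX (6.x syntax) ----
! Identity static so R2 can reach R1 at its real address.
static (inside,outside) 10.1.1.2 10.1.1.2 netmask 255.255.255.255
! Permit GRE (IP protocol 47) only between the two tunnel endpoints,
! not "any any"; GRE is not tracked statefully, so the return
! direction needs this explicit entry.
access-list outside_in permit gre host 192.0.2.2 host 10.1.1.2
access-group outside_in in interface outside
```

Plain GRE is neither encrypted nor authenticated, so routing updates crossing an untrusted segment this way rely on the IPSec protection the post mentions.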