From: Robert Rech (rjrech@cgeykcsc.com)
Date: Tue Sep 03 2002 - 23:11:23 GMT-3
A PIX will support listening to RIP routes {I believe v2}, and it will
send a default route out using RIP.
You can also use BGP through the PIX to get routes from an outside
router to an inside router.
http://www.cisco.com/warp/public/459/BGP-PIX.htm
Robert Rech
Senior Network Engineer
Cap Gemini Ernst & Young
Kansas City Service Center
rjrech@cgeykcsc.com
phone (816) 459-4767
fax (816) 459-6767
>>> <sean@ttank.com> 09/03/02 20:59 PM >>>
Charles,
If you are talking about PIX firewall, it does not have support for
routing protocols.
But, as far as I know, you have two options to allow routing protocols
through PIX:
1. Configure a static route or default route on the outside interface
and define a conduit for a particular routing protocol, for example:
route outside ip_address netmask gateway_ip
conduit permit ospf host source_addr host dest_addr
Also, a static NAT pointer, if NAT is involved:
static (inside,outside) outside_ip_address inside_ip_address netmask mask
2. Use IPSec tunneling between routing end-points through PIX; you need
to configure the following:
sysopt connection permit-ipsec
And the regular IPSec, ISAKMP configurations you'd need to make IPSec
work.
HTH.
- Sean Liu
CCIE, CCNP, CCDP, CCSE,
AIX-CATE, CNE, MCSE+I
Think Tank Systems, LLC
From: "Charles Huang" <routing@icharles.no-ip.com>
Sent by: nobody@groupstudy.com
Date: 09/03/2002 01:15 PM
Please respond to "Charles Huang"
To: "Paul Borghese" <pborghese@groupstudy.com>, "Charles Huang" <routing@icharles.no-ip.com>, "CCIE" <ccielab@groupstudy.com>
cc:
Subject: RE: Passing Routing information across Firewall
firewall does not support any routing protocol (only static routes).
I would like to use either EIGRP or OSPF; even RIP would be fine too.
-----Original Message-----
From: Paul Borghese [mailto:pborghese@groupstudy.com]
Sent: Tuesday, September 03, 2002 9:51 AM
To: Charles Huang; CCIE
Subject: Re: Passing Routing information across Firewall
Which routing protocol are you using? Which firewall are you using?
PIX or Router with Firewall featureset?
Paul
----- Original Message -----
From: "Charles Huang" <routing@icharles.no-ip.com>
To: "CCIE" <ccielab@groupstudy.com>
Sent: Tuesday, September 03, 2002 3:18 PM
Subject: OT: Passing Routing information across Firewall
> Hi All,
>
> This may be a bit OT.
>
> Does anybody know how to pass routing information across the firewall?
> Tunnel would be an option to pass routing updates ONLY. The "normal" IP
> traffic should still pass through the firewall. Assuming the firewall
> does not support any routing protocol. Here is a little diagram, hope it
> might clarify the question.
>
> 10.1.1.0/24--R1--192.168.1.0/24--Firewall--192.168.2.0/24--R2--10.2.2.0/24
>
> R2 needs to learn 10.1.1.0/24 from R1
> R1 needs to learn 10.2.2.0/24 from R2
> Tunnel between R1 & R2 is an option, but only to pass route update/hello
> only.
> All IP traffic must route through the firewall.
>
>
> Any help would be appreciated
> Thanks in advance
> Charles
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:43 GMT-3