RE: Passing Routing information across Firewall

From: Hansang Bae (hbae@nyc.rr.com)
Date: Wed Sep 04 2002 - 03:02:29 GMT-3


At 04:31 PM 9/4/2002 +1200, Justin Cook wrote:
>I have heard from a trainer that a good method is to set up neighbor commands
>and allow the OSPF TCP port (can't remember what port) through the firewall, as
>the neighbor command converts it from multicast to unicast.
>This is assuming you have the default gateway pointing out the external interface
>(may require statics if on a DMZ) and a route to the internal router.
>Please correct me, anyone, if this is incorrect, as I have not had an
>opportunity to test it yet.

Don't bother and get a new trainer. OSPF uses IP protocol 89; TCP is not involved.

While detecting a single failure using a single FW can be easy to overcome, when you have redundant routers on the clean and dirty side, with a redundant firewall setup in the middle, BGP is the *only* way to make it work. I'm not including specialty equipment here...just routers, switches and firewalls.

If you want an interesting read, check out Vincent Jones' whitepaper on setting up a redundant system (www.networkingunlimited.com)

hsb
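As an added illustration of the two points made in the thread (OSPF rides directly on IP protocol 89, not on a TCP port, and a `neighbor` statement makes the router send its hellos unicast to the peer instead of to 224.0.0.5), here is a constructed example that is not code from the thread or from any vendor: it builds a sample OSPF Hello packet and checks it against a permit-only ACL model. The 192.0.2.x addresses and the rule tuples are placeholders of my own.

```python
import socket
import struct

OSPF_PROTO = 89      # OSPF sits directly on IP (protocol 89); there is no TCP/UDP header
TCP_PROTO = 6
ALL_SPF_ROUTERS = "224.0.0.5"   # multicast destination of hellos when no 'neighbor' is configured

def build_ospf_hello(src, dst, router_id="10.0.0.1", area_id="0.0.0.0"):
    """Constructed sample: 20-byte IPv4 header + 24-byte OSPFv2 header of a Hello (type 1).
    Checksums are left zero; only the fields a packet filter inspects matter here."""
    ospf = struct.pack("!BBH4s4sHH8s", 2, 1, 24, socket.inet_aton(router_id),
                       socket.inet_aton(area_id), 0, 0, bytes(8))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ospf), 0, 0, 1, OSPF_PROTO, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + ospf

def classify(pkt):
    """Extract the fields a firewall ACL keys on: IP protocol, addresses, OSPF version/type."""
    ihl = (pkt[0] & 0x0F) * 4
    info = {"proto": pkt[9],
            "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20])}
    info["multicast"] = 224 <= pkt[16] <= 239
    if info["proto"] == OSPF_PROTO:
        info["ospf_version"], info["ospf_type"] = pkt[ihl], pkt[ihl + 1]
    return info

def acl_permits(pkt, rules):
    """rules: list of (ip_proto, src, dst) permits; None means 'any'. Implicit deny at the end."""
    info = classify(pkt)
    for proto, src, dst in rules:
        if proto == info["proto"] and src in (None, info["src"]) and dst in (None, info["dst"]):
            return True
    return False

# Placeholder rule sets: a TCP-only permit (what the trainer described) and a protocol-89
# permit pinned to the two unicast peer addresses (what the 'neighbor' approach actually needs).
TCP_ONLY_ACL = [(TCP_PROTO, None, None)]
OSPF_PEER_ACL = [(OSPF_PROTO, "192.0.2.1", "192.0.2.2"), (OSPF_PROTO, "192.0.2.2", "192.0.2.1")]

def check():
    unicast = build_ospf_hello("192.0.2.1", "192.0.2.2")       # hello after 'neighbor 192.0.2.2'
    multicast = build_ospf_hello("192.0.2.1", ALL_SPF_ROUTERS)  # default hello without 'neighbor'
    return {
        "tcp_rule_passes_ospf": acl_permits(unicast, TCP_ONLY_ACL),          # False
        "peer_rule_passes_unicast": acl_permits(unicast, OSPF_PEER_ACL),     # True
        "peer_rule_passes_multicast": acl_permits(multicast, OSPF_PEER_ACL), # False
    }

if __name__ == "__main__":
    print(check())
```

The third result is why the `neighbor` statement matters for the firewall case: a peer-to-peer protocol-89 permit never sees the multicast hello, so without unicast hellos the adjacency never forms.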



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:43 GMT-3