PIX & OSPF recommendation

Unanswered Question
Nov 8th, 2007

I have the following topology

R1 --Lan--PIX--Lan---R2,R3,R4

I need to configure OSPF .should i pass the ospf through the PIX or configuring the ospf on the pix too? whot does cisco recommend?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Thu, 11/08/2007 - 05:58


Kind of depends on what mode the firewall is in. If the firewall is running in transparent mode then pass the OSPF traffic through. If it is running in routed mode it needs to participate in OSPF routing.



welcomeccie Sun, 11/11/2007 - 01:28

The FW is routed mode but is there any problem if i passed the traffic through it may be i need to use PBR on the inside routers

Jon Marshall Sun, 11/11/2007 - 02:07


That is the problem. OSPF expects to form ajacencies with neighbours on the same network but you have another hop between your 2 ospf routers because the firewall is in routed mode. That is why you can run OSPF on the FWSM itself in routed mode to get around this problem.

The only way the 2 ospf routers on either side of your FWSM will see each as neighbours is if the FWSM is in transparent mode ie. the same subnet on either side of the FWSM.


Jon Marshall Sun, 11/11/2007 - 07:50

Apologies, i keep referring to the FWSM (Firewall Services Module) but the same applies to the standalone pix.



This Discussion