Jan 14th, 2008

I have two PIX firewalls configured with two OSPF processes.

The edge router is connected to the PIX outside interfaces in one process.

I want to make sure the edge router will always prefer one PIX over the other, but the one I want preferred has a lower address on the OSPF interface showing up as the neighbor ID.

The outside interfaces are showing up as below from the Internet router:


Neighbor ID Pri State Dead Time Address Interface
1 FULL/DROTHER 00:00:37 FastEthernet0/0
1 FULL/BDR 00:00:36 FastEthernet0/0

I want to make the PIX that owns the interface be the preferred next hop for the edge router, but it is not.

Can I set the RID to a loopback interface on a PIX as you can in a router?

If so, what if I have more than one process? Can you have more than one loopback, one for each process?

bdube Mon, 01/14/2008 - 08:02

I understand you have 2 PIX connected to a common edge router.

To redirect inbound traffic to a preferred PIX, you can set the interface cost on the edge router's interfaces going to the PIXes. In OSPF, lower is better, so the lower cost will be chosen as the preferred path.

For outbound traffic, you can also set the cost on your internal routers to choose a preferred path.


