PIX & OSPF

Mar 18th, 2008

I have a Cisco PIX firewall that is connected to my enterprise network. I want to run OSPF between the enterprise router and the PIX firewall. I will configure one interface of my PIX into OSPF area 1. My enterprise network will also use the Internet via this firewall. The enterprise will also have a default route towards that firewall because they want to access the Internet.

Kindly tell me how to configure my firewall not only for OSPF but also for the Internet.

One solution would be to use nonat so that everything from the enterprise goes as is to my Internet firewall C.

I am confused about the firewall interface placement: shall I configure the outside interface into OSPF, or configure the firewall inside interface into OSPF?

Kindly see the network diagram and let me know the interface placement. Should I place the outside interface towards the enterprise network, or the inside interface towards the enterprise network?

johnd2310 Tue, 03/18/2008 - 20:13

Hi,

I do not see any reason why you need to run OSPF. Static routes will do just fine. Configure nonat on PIX A and let PIX C do all the NAT. Just make sure you have the appropriate static routes on all devices.

A question about your diagram: where is area 0? If you are going to run OSPF with multiple areas, you will need an area 0, and all areas will need to connect to area 0. To run OSPF, do the following:

You can run 2 OSPF processes on PIX A. OSPF process 1 would only include the inside interface of PIX A and the router. OSPF process 2 would only include the outside interface and outside devices. You would then configure redistribution between the 2 OSPF processes. You could also run just one OSPF process and include both inside and outside interfaces, since you will be doing most of your NAT on PIX C. Do the NAT on PIX C and no NAT on PIX A.

Thanks

John
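
The two-process layout described in the reply above, as an added configuration sketch for PIX A; it is not from any participant in this thread. The subnets, the ACL name `nonat` and the use of area 0 on the outside are assumptions, and the syntax is that of PIX 7.x.

```text
! Constructed example for PIX A. All addresses are placeholders.
!
! OSPF process 1: inside interface only (link to the enterprise router).
! Area 1 is the area named in the question.
router ospf 1
 network 10.1.1.0 255.255.255.0 area 1
 ! Pull in routes learned by process 2 (outside).
 redistribute ospf 2 subnets
!
! OSPF process 2: outside interface only (link to the outside devices).
! Area 0 here is an assumption; the thread does not say which area is used.
router ospf 2
 network 192.168.100.0 255.255.255.0 area 0
 ! Pull in routes learned by process 1 (inside).
 redistribute ospf 1 subnets
!
! No NAT on PIX A: enterprise sources keep their real addresses,
! so PIX C can do all the translation.
access-list nonat permit ip 10.0.0.0 255.0.0.0 any
nat (inside) 0 access-list nonat
!
! Single-process alternative from the same reply: remove "router ospf 2"
! and both redistribute lines, then list both subnets under process 1:
!   router ospf 1
!    network 10.1.1.0 255.255.255.0 area 1
!    network 192.168.100.0 255.255.255.0 area 0
```

After applying either variant, `show ospf neighbor` and `show route` on PIX A confirm that adjacencies formed on the intended interfaces and that only the expected prefixes crossed between the two sides.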

wasiimcisco Wed, 03/19/2008 - 03:46

Actually, this is a data center design. Router A is connected to another 7206 router, which is in the backbone area. The enterprise is connected with multiple WAN sites via OSPF. So to avoid the static route hassle, my network design requires the use of OSPF with the enterprise network.

The router connected to the firewall will have the default route towards my firewall because the enterprise uses the Internet via this firewall.

I want to run OSPF on only one interface. This is where I am confused. Which interface shall I put in the OSPF domain, either inside or outside? If I put the outside interface in OSPF, I have to configure a static for each traffic entering my network via OSPF.

If I put the inside interface in the OSPF domain, I have to configure nonat to allow traffic to get in.

Please let me know what the best practice will be.
