
PIX & OSPF

wasiimcisco
Level 1

I have a Cisco PIX firewall that is connected to my enterprise network. I want to run OSPF between the enterprise router and the PIX firewall. I will configure one interface of my PIX in OSPF area 1. My enterprise network will also use the Internet via this firewall. The enterprise will also have a default route towards that firewall because they want to access the Internet.

Kindly tell me how to configure my firewall not only for OSPF but also for Internet configuration.

One solution would be to use nonat so that everything from the enterprise goes as it is to my Internet firewall C.

I am confused about the firewall interface placement: shall I configure the outside interface into OSPF or configure the firewall inside interface into OSPF?

Kindly see the network diagram and let me know the interface placement. Should I place the outside interface towards the enterprise network or the inside interface towards the enterprise network?

2 Replies

johnd2310
Level 8

Hi,

I do not see any reason why you need to run OSPF. Static routes will do just fine. Configure nonat on PIX A and let PIX C do all the NAT. Just make sure you have the appropriate static routes on all devices.

A question about your diagram: where is area 0? If you are going to run OSPF with multiple areas, you will need an area 0, and all areas will need to connect to area 0. To run OSPF, do the following:

You can run 2 OSPF processes on PIX A. OSPF process 1 would only include the inside interface of PIX A and the router. OSPF process 2 would only include the outside interface and outside devices. You would then configure redistribution between the 2 OSPF processes. You could also run just one OSPF process and include both inside and outside interfaces, since you will be doing most of your NAT on PIX C. Do the NAT on PIX C and nonat on PIX A.

Thanks

John

**Please rate posts you find helpful**
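The two-process layout described in the reply above, sketched as a PIX 6.3-style configuration fragment. This is an added example, not configuration posted by anyone in the thread; the subnets, the area used for process 2, and the access-list name are constructed assumptions, since the network diagram is not reproduced here.

```text
! Constructed example for PIX A. All addresses are placeholders.
! Assumed: inside = 10.10.10.0/24 (towards the enterprise router),
!          outside = 172.16.1.0/24 (towards PIX C),
!          enterprise address space = 10.0.0.0/8.

! Process 1: inside interface only, in area 1 as stated in the question
router ospf 1
 network 10.10.10.0 255.255.255.0 area 1
 redistribute ospf 2 subnets

! Process 2: outside interface only (area 0 is an assumption)
router ospf 2
 network 172.16.1.0 255.255.255.0 area 0
 redistribute ospf 1 subnets

! NAT exemption ("nonat") on PIX A so that enterprise traffic reaches
! PIX C with its original source address; PIX C then performs the NAT
access-list nonat permit ip 10.0.0.0 255.0.0.0 any
nat (inside) 0 access-list nonat
```

After applying a layout like this, `show ospf neighbor` and `show route` on the PIX confirm that adjacencies formed on the intended interface only and that no unexpected prefixes crossed between the two processes.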

Actually this is a data center design. Router A is connected to another 7206 router which is in the backbone area. The enterprise is connected with multiple WAN sites via OSPF. So to avoid the static route hassle, my network design requires the use of OSPF with the enterprise network.

The router connected to the firewall will have the default route towards my firewall because the enterprise uses the Internet via this firewall.

I want to run OSPF on only one interface. This is where I am confused. Which interface shall I put in the OSPF domain, either inside or outside? If I put the outside interface in OSPF, I have to configure a static for each traffic entering my network via OSPF.

If I put the inside interface in the OSPF domain, I have to configure nonat to allow traffic to get in.

Please let me know what the best practice will be.
