03-18-2008 05:37 PM
I have a Cisco PIX firewall that is connected to my enterprise network. I want to run OSPF between the enterprise router and the PIX firewall. I will configure one interface of my PIX in OSPF area 1. My enterprise network will also use the Internet via this firewall. The enterprise will also have a default route towards that firewall because they want to access the Internet.
Kindly tell me how to configure my firewall not only for OSPF but also for the Internet configuration.
One solution will be to use nonat so that everything from the enterprise goes as is to my Internet firewall C.
I am confused about the firewall interface placement: shall I configure the outside interface into OSPF or configure the firewall inside interface into OSPF?
Kindly see the network diagram and let me know the interface placement. Should I place the outside interface towards the enterprise network or the inside interface towards the enterprise network?
03-18-2008 08:13 PM
Hi,
I do not see any reason why you need to run OSPF. Static routes will do just fine. Configure nonat on PIX A and let PIX C do all the NAT. Just make sure you have the appropriate static routes on all devices.
A question about your diagram: where is area 0? If you are going to run OSPF with multiple areas, you will need an area 0, and all areas will need to connect to area 0. To run OSPF, do the following:
You can run 2 OSPF processes on PIX A. OSPF process 1 would only include the inside interface of PIX A and the router. OSPF process 2 would only include the outside interface and outside devices. You would then configure redistribution between the 2 OSPF processes. You could also run just one OSPF process and include both inside and outside interfaces, since you will be doing most of your NAT on PIX C. Do the NAT on PIX C and nonat on PIX A.
Thanks
John
03-19-2008 03:46 AM
Actually this is a data center design. Router A is connected to another 7206 router which is in the backbone area. The enterprise is connected with multiple WAN sites via OSPF. So to avoid the static route hassle, my network design requires the use of OSPF with the enterprise network.
The router connected with the firewall will have the default route towards my firewall because the enterprise uses the Internet via this firewall.
I want to run OSPF on only one interface. This is where I am confused. Which interface shall I put in the OSPF domain, either inside or outside? If I put the outside interface in OSPF, I have to configure static for each traffic entering my network via OSPF.
If I put the inside interface in the OSPF domain, I have to configure nonat to allow traffic to get in.
Please let me know what the best practice will be.