Passing OSPF routing -- R1 --> Checkpoint FW -- R2

Unanswered Question

What would be the best way to configure OSPF routing to pass from R1 through the Checkpoint FW to R2 without establishing a GRE tunnel? I have attempted this via Ethernet interfaces configured with the "ip ospf network non-broadcast" command, specifying neighbor commands in the OSPF process. Also, we are using secondary IP addresses. I have attached the configs of the two routers. So far all I get on R2 is attempt/drother. Any suggestions are most welcome.

Harold Ritter Tue, 05/20/2008 - 12:04
User Badges:
  • Cisco Employee,


As far as I know, you will only be able to get an adjacency between R1 and R2 if you configure the transparent mode on the Checkpoint FW1 platform. I know this is the case when you use a Cisco FW service module (FWSM).

In routed mode, you will simply not be able to achieve that as the OSPF packets are sent with a TTL of 1 and decremented on the Checkpoint device.


Harold Ritter Tue, 05/20/2008 - 16:15
User Badges:
  • Cisco Employee,


As mentioned in my previous post, the best way would probably be to use the transparent mode on the Checkpoint FW-1 device, which would allow you to have an adjacency between R1 and R2.

If you don't want to go from routed to transparent mode, then I would recommend running BGP through the FW and redistributing between OSPF and BGP on either side.
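
The BGP-through-the-firewall option suggested in the reply above, sketched as an added Cisco IOS example that is not part of the original thread or the poster's attached configs. The addresses, AS numbers and OSPF process ID are constructed for illustration, and the firewall is assumed to be in routed mode without NAT between the two routers.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   R1 10.1.1.1/24  -> firewall interface 10.1.1.254
!   R2 10.2.2.1/24  -> firewall interface 10.2.2.254
! The firewall policy must permit TCP port 179 between 10.1.1.1 and
! 10.2.2.1 in both directions. Unlike OSPF hellos, the BGP session is
! unicast TCP, so it can be routed and filtered like any other flow.

! ----- R1 -----
! Host route so R1 can reach its BGP peer through the firewall
ip route 10.2.2.1 255.255.255.255 10.1.1.254
!
router bgp 65001
 neighbor 10.2.2.1 remote-as 65002
 ! eBGP packets default to TTL 1; the firewall is one routed hop,
 ! so raise the TTL to 2 and no further
 neighbor 10.2.2.1 ebgp-multihop 2
 ! Advertise R1's OSPF-learned routes to R2
 redistribute ospf 1 match internal external 1 external 2
!
router ospf 1
 ! Inject routes learned from R2 into R1's OSPF domain
 redistribute bgp 65001 subnets

! ----- R2 -----
ip route 10.1.1.1 255.255.255.255 10.2.2.254
!
router bgp 65002
 neighbor 10.1.1.1 remote-as 65001
 neighbor 10.1.1.1 ebgp-multihop 2
 redistribute ospf 1 match internal external 1 external 2
!
router ospf 1
 redistribute bgp 65002 subnets
```

With a single redistribution point on each side, as here, mutual redistribution does not create a feedback loop; if a second path between the two OSPF domains is added later, tag and filter the redistributed routes.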


