The situation is as follows.
We have one choke router, a Cisco 2811.
This router is connected to the provider, which is running MPLS/BGP. They will redistribute BGP into EIGRP. We will receive the EIGRP updates on the choke router. The customer doesn't want to run BGP in their internal network. There are 2 options, I think: From the choke router we could set up a GRE tunnel. Over this GRE tunnel we could send only the routing updates and management traffic. And the normal traffic should go towards the firewall so that this can be checked by the firewall. The routing updates through the firewall are for updating the EIGRP table, so when there is a line failure it will take the secondary path. Question: how can we best set this up? Is this by policy routing?
Is there a possibility to route everything towards the firewall with a static and that the routing updates are allowed through the firewall? It is not allowed to enable routing on the firewall?
Could anyone give me some good advice on this topic, or maybe some documentation on how to set this up the best way? I have attached a small drawing. Please let me know. Thanks.