I have one pix 515 and 2811 router which is connect other branches. now pix is connect router static protocol and among router running static routing rotocol.
Now I want all router running OSPF or Eigrp routing protocol. So if all router running dynamic then Pix also need run dynamic ?. or pix connect static to router and in router configure redistribute ? so which is better ?
You r talking about pix 515 and u haven't mentioned the pix ios version. If pix ios version is 7.x series then it only support RIP and OSPF as dynamic routing and if PIX ios is 8.x series then it supports RIP,OSPF and EIGRP also. Till BGP is not supported in the PIX or ASA.
As far as ur concern, it is not necessary to run dynamic routing protocol on the pix , but if u want u can run not a issue when u r running routing protocol on the remote site router 2811.
Thanks. MY pix ios 7.x. I know that in my pix support OSPF.
as your comment 'it is not necessary to run dynamic routing protocol on the pix'
ok fine.if i not run dynamic then how from another (branch router) ping my server which is inside my pix ?.
so need redistribute in router (HQ) ?
as pix run static and router run dynamic so need redistribute ? or without this they can ping each other ?.
It depends on your network actually. The problem with static routes is the 'management headache'. If you are sure that you don't have to change these routes too frequently then that static is the way to go. However if you have multiple subnets behind the router (or even the firewall) and they change quite frequently, a better option would be to run a routing protocol.
I am think that I can not clear my confusing.
Now Ho, br router and pix runn static & default route and server which behind pix is access by another router
If I change all router run dynamic route and pix connect to router stattic then what happend ? its smooth running ?
or need redistribute or need configure change in Pix ?.
You can keep the dynamic routing on ALL routers, and on the router directly connected to the PIX, add a static route pointing towards the PIX.
Then redistribute both connected and static subnets on this router.
For the PIX, if a default route is possible, that would really simplify things. Else you need to put static routes for all the subnets behind the router. Or else just run a dynamic routing protocol :)
No problem, you have to keep studying the features and capabilities of the firewall tough, it takes a lot of time to master them. Specially NAT, application inspection etc.
Please rate helpful posts.
Farukh has explianed well, and I just want to add my thought for the same.
Just add static route on pix towards router, and on router towards pix.
Add ospf routes to router towards internet.
As per me, no route redistribution required on router, as it is running static and ospf routes. And route redistribution is only required between dynamic routing protoocols.
Need to do static PAT on PIX firewall, to convert internal server private IP to global IP.
The redistribution will be required IF the routers at the back of the router (adjacent to PIX) need to communicate with the subnets behind the PIX firewall.
If u run routing protocol at ur router & ststic routing on ur pix, then u must redistribute the route into the eouting protocol.