Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX OSPF and RID

I have two PIX firewalls configured with two OSPF processes.

The edge router is connected to the PIX outside interfaces in one process.

I want to make sure the edge router will alwas prefer one PIX over the other, but the one I want preferred has a lower address on the OSPF interface showing up as the neighbor ID.

The ouside Interfaces are showing up as below from the Internet router:

MCI-

Neighbor ID Pri State Dead Time Address Interface

192.168.7.1 1 FULL/DROTHER 00:00:37 20.11.19.8 FastEthernet0/0

192.168.8.1 1 FULL/BDR 00:00:36 20.11.19.6 FastEthernet0/0

I want to make the PIX that owns the 20.11.19.6 interface be the preferred next hop for the edge router, but it is not.

Can I set the RID to a loopback interface on a PIX as you can in a router?

If so, what if I have more than one process, can you have more than one loopback one for each process?

1 REPLY
New Member

Re: PIX OSPF and RID

I understand you have 2 PIX connected to a common edge router.

To redirect inbound traffic to a preferred PIX, you can set interface cost to the edge router's interfaces giving to the PIXes. In OSPF, lower is better then a lower cost will be choose as the preferred path.

For outbound traffic, you can also set cost to your internal routers to choose a preferred path.

Ben

101
Views
0
Helpful
1
Replies
CreatePlease to create content