Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX ospf configuration question, two processes

We have two PIX firewalls for two different functions, not failover.

Both PIX outside interfaces are in the same VLAN with edge router interface.

The edge router gets the default route from the PE router and distributes it to the intside on both firewalls.

At the moment there are two proccesses in each PIX, proccess 1 on the outside interface and process 2 on the inside interfaces of each PIX

The default route has to be dynamic for our failover scenario.

One PIX seems to be working by distributing the default to the inside, but the other PIX is not and causes problems with the dynamic routing.

Has anyone ever run across this type of scenaro and have some input on the best way to do this?

Any input would be appreciated.

3 REPLIES
New Member

Re: PIX ospf configuration question, two processes

What version? Any config you can share?

New Member

Re: PIX ospf configuration question, two processes

ver 6.3 on both PIXs:

This PIX is working and has adjacentcy, but looking at the "show ospf interface" the process 2 has no interfaces in it, but it does have adjacentcy with edge router and internal devices.

PIX525

router ospf 2

network 2.1.1.64 255.255.255.224 area 0

log-adj-changes

router ospf 1

network 10.1.7.0 255.255.255.0 area 0

network 192.168.1.0 255.255.255.0 area 0

network 192.168.2.0 255.255.255.0 area 0

network 192.168.3.0 255.255.255.0 area 0

network 192.168.4.0 255.255.255.0 area 0

network 192.168.5.0 255.255.255.0 area 0

network 2.1.1.64 255.255.255.224 area 0

log-adj-changes

redistribute static subnets route-map STATIC

redistribute ospf 2 subnets match internal external 1 external 2

default-information originate

This PIX is not forming adcancentcy with edge router, but I don't think I need to really advertise from this PIX, all I need is to get the default router to it and the inside networks to it.

PIX515

router ospf 2

network 2.1.1.64 255.255.255.224 area 0

log-adj-changes

router ospf 1

network 10.5.7.0 255.255.255.0 area 0

network 192.168.8.0 255.255.255.0 area 0

network 192.168.9.0 255.255.255.0 area 0

New Member

Re: PIX ospf configuration question, two processes

Sorry, the configs should look like this to match the drawing.

Would it be better to do some distribution in this scenario?

PIX525

router ospf 2

network 2.2.2.0 255.255.255.224 area 0

log-adj-changes

router ospf 1

network 10.5.0.0 255.255.255.0 area 0

network 192.168.1.0 255.255.255.0 area 0

network 192.168.2.0 255.255.255.0 area 0

network 192.168.3.0 255.255.255.0 area 0

network 192.168.4.0 255.255.255.0 area 0

network 192.168.5.0 255.255.255.0 area 0

network 2.2.2.0 255.255.255.224 area 0

log-adj-changes

redistribute static subnets route-map STATIC

redistribute ospf 2 subnets match internal external 1 external 2

default-information originate

This PIX is not forming adcancentcy with edge router, but I don't think I need to really advertise from this PIX, all I need is to get the default router to it and the inside networks to it.

PIX515

router ospf 2

network 2.2.2.0 255.255.255.224 area 0

log-adj-changes

router ospf 1

network 10.1.0.0 255.255.255.0 area 0

network 192.168.8.0 255.255.255.0 area 0

network 192.168.9.0 255.255.255.0 area 0

229
Views
5
Helpful
3
Replies
CreatePlease to create content