We are about to migrate our current ISPs to AT&T, the draw back is the ATT is providing the Edge router as well as managing it. Right now I have two OSPF processies in my PIX , one OSPF process for the outside interface and a different OSPF process for the inside interface, my default route is injected downstream from the internet router via "default information originate metric-type-1 ".
The new ISP does allow OSPF but without authentication, my OSPF domain inside uses MD5 for ospf authentication, if I was not to use authentication on the OSPF process on the PIX outside interface Im sure I will encounter problems geting a default route to the PIX.
What other options I have, AT&T tells me they can do OSPF without autentication which is not good for me because I will have to then omit OSPF authentication on my inside routers as well , ATT can simply do static and I was thinking of just killing the OSPF process all together on the PIX-outside interface and configure static route as:
ospf authentication is per inferface, not per device. You should be able to safely disable auth on the outside interface and still use it on the inside interface. All neighbor relationships will still form and you can still run ospf as you normally do.
Srue, thank you for you input, on those same lines without the authentication on the PIX outside interface I should still be able in geting a default route injected into my inside PIX interface ospf process which I do have it configured for default-information originate as well.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :