Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

PIX515e OSPF Message Digest Authentication

We are about to migrate our current ISPs to AT&T, the draw back is the ATT is providing the Edge router as well as managing it. Right now I have two OSPF processies in my PIX , one OSPF process for the outside interface and a different OSPF process for the inside interface, my default route is injected downstream from the internet router via "default information originate metric-type-1 ".

The new ISP does allow OSPF but without authentication, my OSPF domain inside uses MD5 for ospf authentication, if I was not to use authentication on the OSPF process on the PIX outside interface Im sure I will encounter problems geting a default route to the PIX.

What other options I have, AT&T tells me they can do OSPF without autentication which is not good for me because I will have to then omit OSPF authentication on my inside routers as well , ATT can simply do static and I was thinking of just killing the OSPF process all together on the PIX-outside interface and configure static route as:

route outside 0.0.0.0 0.0.0.0 ATT_Ethernet_Handoff.ip metric 1

My question is, by omiting the OSPF process from the outside interface and leaving the inside OSPF process intact with its MD5 for my inside network should I be worrying about any issues?

Regards

Jorge

2 REPLIES
Gold

Re: PIX515e OSPF Message Digest Authentication

ospf authentication is per inferface, not per device. You should be able to safely disable auth on the outside interface and still use it on the inside interface. All neighbor relationships will still form and you can still run ospf as you normally do.

Re: PIX515e OSPF Message Digest Authentication

Srue, thank you for you input, on those same lines without the authentication on the PIX outside interface I should still be able in geting a default route injected into my inside PIX interface ospf process which I do have it configured for default-information originate as well.

Thanks

Jorge

152
Views
5
Helpful
2
Replies
CreatePlease to create content