Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

OSPF and EIGRP through a PIX

Is there any way to configure ospf or eigrp to pass through a PIX??

2 REPLIES
Silver

Re: OSPF and EIGRP through a PIX

Only using, and through, GRE Tunnels.

Hope this helps you,

Don

Silver

Re: OSPF and EIGRP through a PIX

What are you trying to accomplish? Generally it is bad for security to run a routing protocol through a firewall (after all, if you can trust what is on the other side, why use a firewall?). If the goal is to detect the status of a router on the other side of the firewall, you can use BGP rather than an IGP. BGP is compatible with firewall filtering, including NAT if you need it, and can be easily filtered to minimize the damage that can be caused by a hostile system on the other side of the firewall.

See the white paper on my web site on Redundant Firewall Configuration to see an example of how BGP can be configured to run through a NAT firewall and used to control static routes. That way, there is no way a rogue on the far side of the firewall can insert bogus routes into the near side of the firewall.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com

86
Views
0
Helpful
2
Replies