Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

OSPF over VPN between PIX ver.7 and IOS router. Is it possible?

Hi all.

I need to run OSPF over the VPNs created between the PIX (code ver. 7.01) and the remote site IOS routers (IOS ver.12.2).

I tried the new feature of PIX v.7, OSPF over VPN. I configured the remote router as ospf static neighbor.

It seems good for the pix but not acceptable by the remote IOS.

The remote side error is: SOURCE NEIGBHBOR NOT IN THE SAME NETWORK.

Somebody knows if some level of IOS implements the feature OSPF over VPN?

Another way to solve the problem could be to build a Tunnel GRE over the VPN, but I believe the PIX can not terminate the GRE Tunnel (?).

Is it true? Somebody can confirm me this?

Tanks fo the answers. Bye. Efrem

3 REPLIES
Community Member

Re: OSPF over VPN between PIX ver.7 and IOS router. Is it possib

Hi Efrem,

As for GRE and PIX, this is true, no GRE on PIX.

As for your OSPF issue, there is a document that describes how to set up ospf between PIX7/ASA and IOS:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00804acfea.shtml

As we're talking about OSPF and PIX7/ASA, is it possible to build larger ospf networks with these devices? It seems that there is only support for one neighbor which makes it unusable in larger deployments. Has anyone experience in running OSPF inside a larger VPN on the basis of ASA/PIX7? We're currently evaluating such a solution for our customer but it does not look very well.

Bye,

Markus

nt
Community Member

Re: OSPF over VPN between PIX ver.7 and IOS router. Is it possib

Hi Efrem,

I tried also to establish OSPF over IPSec between the pix (v.7.04) and a IOS router.

I have the same problem:

- IOS router support OSPF only via a GRE tunnel

- PIX do not support GRE

I found also no way to establish OSPF over IPSec.

If you have any other ideas to solve the problem, please post it.

Thanks for help, nt

Community Member

Re: OSPF over VPN between PIX ver.7 and IOS router. Is it possib

Markus, in my case there is one PIX in the central site and IOS routers in the periphery, so I cannot use the pix's feature OSPF OVER VPN. I would need the PIX also in the remote sides.

Nt, the solution applied consisted in adding one more Cisco IOS Routers in the Inside respect to the central site PIX. In the second step I will add another router to permit High Availability. In this router I terminated the GRE tunnel. So the VPN is terminated in the remote IOS (loopbak0) and in the PIX outside interface, while the GRE tunnel is terminated in the remote IOS (Fastethernet0/0) and in the local Router (Fastethernet0/0) connected in the central site intranet, where the pix connects its own Inside Interface. Between these two GRE tunnel interfaces can pass OSPF.

Bye Efrem.

136
Views
4
Helpful
3
Replies
CreatePlease to create content