I need to advertise routes from the inside of the PIX to the outside of the PIX. I am using EIGRP inside and outside (but can use any routing protocol). Is this possible? If so, what is the best way to do it?
As you probably know, there is no way to natively pass EIGRP updates through the PIX. You pretty much have two options here:
1) Create a GRE tunnel between the inside and outside routers and pass your EIGRP updates across it. You will need to create a 1:1 static on the PIX and allow GRE to flow between the two hosts.
2) Upgrade to 6.3 code on your PIX and configure OSPF. You would then redistribute your EIGRP routes into OSPF, which the PIX would understand and advertise to the outside router. Once there, you can redistribute back into EIGRP if you want to.
BGP is the only routing protocol that will actually "pass" through the PIX without piping it through a GRE tunnel.
OSPF on the PIX will redistribute between OSPF processes on the PIX. In other words, you can have two OSPF processes running - one for the inside and one for the outside (for instance). You can redistribute from one OSPF process to the other if you want to. Or, you could just put both interfaces into one OSPF process and let PIX update the remote routers with the route updates. Clear or explained poorly?
This is most likely too late of an "update" message, but you could still use ver 6.2 on the PIX, although upgrading would most likely be your best option.
You can put EIGRP over a PIX running 6.2 w/o tunneling it - this is very easy to do, in fact. It is the de facto standard that everyone must think that EIGRP is not able to pass through a PIX w/o using a tunnel. BGP will pass thru opening an access list, of course, and so will EIGRP; in fact, IGRP and RIP will also pass thru the PIX.
There are two ways to do this without using a tunnel. The first way is to use double NAT on the PIX. The second way, which is the cleanest, is to just use one-to-one networks in different subnets outside and inside.
This is all possible because each of these routing protocols has a TTL of 2, whereas OSPF has a TTL of 1 and this is not possible.
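
Option 1 from the first reply (a GRE tunnel plus a 1:1 static on the PIX), written out as an added example that is not part of the original thread. It uses PIX 6.x and IOS syntax; every address, the EIGRP AS number 100, the ACL name `outside_in` and the tunnel numbering are assumptions chosen for illustration.

```cisco
: PIX 6.x (assumed: inside router 10.1.1.2, outside router 192.0.2.1)
: 1:1 static so the outside router can reach the inside router as 192.0.2.2
static (inside,outside) 192.0.2.2 10.1.1.2 netmask 255.255.255.255 0 0
: Permit GRE only between the two tunnel endpoints, nothing broader
access-list outside_in permit gre host 192.0.2.1 host 192.0.2.2
access-group outside_in in interface outside

! Inside router (IOS), sits behind the PIX inside interface 10.1.1.1
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source 10.1.1.2
 tunnel destination 192.0.2.1
!
! Host route to the tunnel peer via the PIX, so the tunnel destination
! is never learned through the tunnel itself (recursive routing)
ip route 192.0.2.1 255.255.255.255 10.1.1.1
!
router eigrp 100
 network 172.16.0.0 0.0.0.3
 network 10.10.0.0 0.0.255.255
 no auto-summary

! Outside router (IOS), directly connected to the PIX outside segment
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 tunnel source 192.0.2.1
 ! Destination is the translated (static) address, not 10.1.1.2
 tunnel destination 192.0.2.2
!
router eigrp 100
 network 172.16.0.0 0.0.0.3
 no auto-summary
```

Routes learned this way point at the tunnel interface, so the data traffic that follows them also crosses the PIX inside GRE, where the firewall sees only protocol 47 between the two endpoints. Apply any filtering that traffic needs on the tunnel interfaces of the routers.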