We're looking at using an Internet VPN as a backup connection between 2 data centers. To handle this dynamically, we'd like to put a router in a DMZ of our PIX 525s and have it share OSPF tables with a router on the inside network from the PIX. In other words, our 6509s make a policy-based routing decision on whether to send traffic out the private MPLS network or to send it to the DMZ VPN router to travel across a VPN to its destination. I'm having trouble finding documentation on how to do this. Can anyone assist?
If you do not want the PIX firewalls to process the OSPF updates, and instead just forward them between your internal and DMZ routers, this is called sending OSPF through the PIX (instead of to it). This can be done only if you configure GRE tunnels or IPsec tunnels between your internal and DMZ routers.
When you configure ACLs on all of the PIXes to allow the GRE or IPsec traffic, you need to add the rules on both the internal and DMZ interfaces of each PIX that will see the traffic. This is because you cannot determine which router (DMZ or internal) will send the updates first.
If you want to use IPsec, the relevant ACLs would include UDP src port 500 to dest port 500, and the AH and ESP protocols.
For GRE, just specify the GRE protocol instead of TCP/UDP.
Again, the connection can originate on either end, so you will need the same rules (with source and dest reversed) on the DMZ side as well as the internal side.
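The rule set described in this answer, written out as an added example (not part of the original reply). The router addresses, the ACL names and the interface names `inside` and `dmz` are assumptions, and the routers are assumed to reach each other on untranslated addresses.

```cisco
! Constructed addresses (assumptions, not from the thread):
!   internal router 10.1.1.2, DMZ router 172.16.1.2
! ACL names INSIDE_IN / DMZ_IN and interface names inside / dmz are hypothetical.

! --- Option A: GRE tunnel between the two routers ---
! Same rule on both interfaces, source and destination reversed,
! because either router may send first.
access-list INSIDE_IN permit gre host 10.1.1.2 host 172.16.1.2
access-list DMZ_IN permit gre host 172.16.1.2 host 10.1.1.2

! --- Option B: IPsec tunnel between the two routers ---
! IKE: UDP source port 500 to destination port 500
access-list INSIDE_IN permit udp host 10.1.1.2 eq 500 host 172.16.1.2 eq 500
access-list DMZ_IN permit udp host 172.16.1.2 eq 500 host 10.1.1.2 eq 500
! ESP and AH are IP protocols, so no ports are given
access-list INSIDE_IN permit esp host 10.1.1.2 host 172.16.1.2
access-list INSIDE_IN permit ah host 10.1.1.2 host 172.16.1.2
access-list DMZ_IN permit esp host 172.16.1.2 host 10.1.1.2
access-list DMZ_IN permit ah host 172.16.1.2 host 10.1.1.2

! Bind each ACL inbound on the interface where that router's traffic arrives.
! An interface takes one inbound ACL and every ACL ends in an implicit deny,
! so if an ACL is already bound, add the lines above to it instead of
! binding a new one.
access-group INSIDE_IN in interface inside
access-group DMZ_IN in interface dmz
```

Scoping every entry to the two router host addresses keeps the opening limited to the tunnel endpoints, so nothing else in the DMZ gains a path to the inside network.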