Cisco Support Community
New Member

Passing OSPF routing -- R1 --> Checkpoint FW -- R2

What would be the best way to configure OSPF routing to pass from R1 thru Checkpoint FW to R2 without establishing a GRE tunnel? I have attempted this via Ethernet interfaces configured with the "ip ospf network non-broadcast" command, specifying neighbor commands in the OSPF process. Also, we are using secondary IP addresses. I have attached the configs of the two routers. So far all I get on R2 is attempt/drother. Any suggestions are most welcome.

4 REPLIES
Cisco Employee

Re: Passing OSPF routing -- R1 --> Checkpoint FW -- R2

Joel,

As far as I know, you will only be able to get an adjacency between R1 and R2 if you configure the transparent mode on the Checkpoint FW1 platform. I know this is the case when you use a Cisco FW service module (FWSM).

In routed mode, you will simply not be able to achieve that as the OSPF packets are sent with a TTL of 1 and decremented on the Checkpoint device.

Regards,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Passing OSPF routing -- R1 --> Checkpoint FW -- R2

Thank you, "hritter". I appreciate the insight into our problem. What is the best way to route through a firewall with a Cisco router on each side?

Thank You

Cisco Employee

Re: Passing OSPF routing -- R1 --> Checkpoint FW -- R2

Joel,

As mentioned in my previous post, the best way would probably be to use the transparent mode on the Checkpoint FW-1 device, which would allow you to have an adjacency between R1 and R2.

If you don't want to go from routed to transparent mode, then I would recommend running BGP through the FW and redistributing between OSPF and BGP on either side.

Regards,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
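
Added example, not part of the original thread or any poster's configuration: a sketch of the BGP-through-the-firewall option from the reply above, shown for R1 with R2 mirroring it. The addresses (documentation ranges), private AS numbers, interface name, OSPF process ID, prefix-list and route-map names, and the inside prefix 10.10.0.0/16 are all assumptions.

```cisco
! Constructed topology (assumption): firewall in routed mode, no NAT between peers
!   R1 192.0.2.1/24 -- 192.0.2.254 [Checkpoint FW] 198.51.100.254 -- 198.51.100.1/24 R2
! Firewall policy needed: permit TCP/179 between 192.0.2.1 and 198.51.100.1 only.
!
interface GigabitEthernet0/1
 description Link to firewall inside interface
 ip address 192.0.2.1 255.255.255.0
!
! Host route so the BGP peer on the far side of the firewall is reachable
ip route 198.51.100.1 255.255.255.255 192.0.2.254
!
! Only the prefixes listed here are exported across the firewall
ip prefix-list INSIDE-NETS seq 10 permit 10.10.0.0/16 le 24
!
route-map OSPF-TO-BGP permit 10
 match ip address prefix-list INSIDE-NETS
!
! eBGP also defaults to TTL 1, so the routed firewall hop needs ebgp-multihop 2.
! The neighbor password enables TCP MD5 authentication of the session.
router bgp 65001
 neighbor 198.51.100.1 remote-as 65002
 neighbor 198.51.100.1 ebgp-multihop 2
 neighbor 198.51.100.1 update-source GigabitEthernet0/1
 neighbor 198.51.100.1 password <shared-secret>
 redistribute ospf 1 match internal external 1 external 2 route-map OSPF-TO-BGP
!
! Routes learned from R2 over BGP are injected into the local OSPF domain
router ospf 1
 redistribute bgp 65001 subnets
```

On R2 the same configuration applies with the addresses and AS numbers swapped. Once the firewall rule is in place, `show ip bgp summary` on either router shows whether the session has established.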
New Member

Re: Passing OSPF routing -- R1 --> Checkpoint FW -- R2

Joel,

Are you trying to run OSPF with the Checkpoint firewall? I've done this and it worked well. There was an FWSM on the inside and a 2600 router on the outside.

If not, what's your reason for not letting the Checkpoint participate in OSPF?

Keith

Co-Founder LinuxDynasty

http://www.linuxdynasty.org

http://www.linuxdynasty.com
