Firewall Wizards mailing list archives

RE: OSPF on Firewall


From: MHawkins () TULLIB COM
Date: Wed, 17 Dec 2003 16:34:12 -0500

No, this is not true.

You CAN establish OSPF neighbors across firewalls (and RIP, BGP, EIGRP,
IGRP).

Since OSPF uses multicast to find other neighbors you can do it one of two
ways depending on the type of firewall you are using.

The easy way is to configure the routers on either side of the firewall with
specific neighbor statements that will establish unicast connections to each
other through the firewall.

The hard way is to get multicast routing working on your firewall and then
open OSPF IP protocol 89 (RFC 1247). This is a big hassle (and can't work at
all on PIX since PIX doesn't support multicast). I tried this with
Nokia/CheckPoint and have put it off for now. Too hard, and Cisco IGMP and
Nokia IGMP have interoperability problems too!

Stick to the easy way - it works.

Mike H

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Shimon
Silberschlag
Sent: Wednesday, December 17, 2003 3:02 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] OSPF on Firewall


Let's say that I have two routers (on an internal network) that talk OSPF
between them.

Now I have to insert a firewall in-between the two routers.

I am led to believe (by the Communications people I work with) that there is
no other option but to install OSPF on the firewall, which doesn't make me
feel easy about the solution.

Is it true that there is no other way around this problem?

TIA,

Shimon Silberschlag

+972-3-9351572
+972-51-207130

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
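
An added example (not part of the original messages): a small Python model of the filter decision behind the two approaches in the reply, treating OSPF as IP protocol 89 and separating its multicast destinations (224.0.0.5 and 224.0.0.6) from unicast traffic between two configured neighbors. The router addresses, function names and decision strings are assumptions made for illustration.

```python
import ipaddress
import struct

OSPF_PROTO = 89  # IP protocol number used by OSPF
OSPF_MCAST = {ipaddress.ip_address("224.0.0.5"),   # AllSPFRouters
              ipaddress.ip_address("224.0.0.6")}   # AllDRouters

# Assumed (hypothetical) router addresses on either side of the firewall.
ROUTER_A = ipaddress.ip_address("192.0.2.1")
ROUTER_B = ipaddress.ip_address("198.51.100.1")
ALLOWED_PAIRS = {(ROUTER_A, ROUTER_B), (ROUTER_B, ROUTER_A)}


def build_ipv4_header(src, dst, proto):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 1, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def classify(header):
    """Return the modeled filter decision for one IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return "drop: not IPv4"
    proto = header[9]                          # protocol field
    src = ipaddress.ip_address(header[12:16])  # source address
    dst = ipaddress.ip_address(header[16:20])  # destination address
    if proto != OSPF_PROTO:
        return "drop: not OSPF"
    if dst in OSPF_MCAST:
        # The "hard way": only passes if the firewall does multicast routing.
        return "drop: multicast OSPF"
    if (src, dst) in ALLOWED_PAIRS:
        # The "easy way": unicast between explicitly configured neighbors.
        return "permit: unicast OSPF between configured neighbors"
    return "drop: OSPF from unlisted peer"


if __name__ == "__main__":
    for s, d, p in [("192.0.2.1", "198.51.100.1", 89),
                    ("192.0.2.1", "224.0.0.5", 89),
                    ("203.0.113.9", "198.51.100.1", 89)]:
        print(s, "->", d, ":", classify(build_ipv4_header(s, d, p)))
```
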