[nsp] OSPF x firewall
Andy Furnell
andy at furnell.org.uk
Mon Dec 22 03:19:47 EST 2003
On Sun, Dec 21, 2003 at 07:47:00PM -0500, Andrew Dorsett wrote:
>
> On Mon, 22 Dec 2003, Dmitri Kalintsev wrote:
>
> > On Thu, Dec 18, 2003 at 10:04:45PM -0200, Thales wrote:
> > > I have an area 0 with 2 routers running OSPF. Now, I need to put a firewall
> > > in the middle. Is it possible to maintain this structure without changing
> > > anything and without needing to enable OSPF in the firewall? Does someone know a
> > > tip or a trick? The subnet will be different.
>
> Why not set up the OSPF to work off the loopback interfaces and then
> place a GRE tunnel between the two routers for the OSPF traffic? This way
> they can trade OSPF info with no problem and you don't have to change your
> structure too much. Just some thoughts...
>
> Andrew
If you do that, any traffic traversing this link over OSPF-learned routes will
use the GRE tunnel, thus bypassing the firewall (unless the firewall is
capable of speaking GRE and filtering the -contents- of GRE packets).
A
--
Andy Furnell
andy at furnell.org.uk
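
The point made in the reply above, as an added example that is not part of the original thread: a filter that matches only on the outer header sees IP protocol 47 between the two loopbacks, while the flow actually carried is visible only after GRE decapsulation. All addresses and the Telnet flow are constructed sample values.

```python
import socket
import struct

GRE, TCP = 47, 6  # IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (no options, checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) from an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:total])

def outer_view(pkt):
    """What a filter that does not look inside GRE can match on."""
    src, dst, proto, _ = parse_ipv4(pkt)
    return src, dst, proto

def inner_view(pkt):
    """Decapsulate GRE (RFC 2784/2890) and return the inner flow tuple."""
    _, _, proto, gre = parse_ipv4(pkt)
    if proto != GRE:
        return None
    flags, ethertype = struct.unpack("!HH", gre[:4])
    off = 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence: 4 bytes each
        if flags & bit:
            off += 4
    if ethertype != 0x0800:  # only IPv4 payloads handled here
        return None
    src, dst, iproto, l4 = parse_ipv4(gre[off:])
    dport = struct.unpack("!H", l4[2:4])[0] if iproto == TCP else None
    return src, dst, iproto, dport

# Constructed sample: a Telnet SYN between two LANs, carried in GRE
# between the routers' loopbacks (all addresses are made up).
tcp = struct.pack("!HHIIBBHHH", 40000, 23, 0, 0, 0x50, 0x02, 8192, 0, 0)
inner = ipv4("192.0.2.10", "198.51.100.20", TCP, tcp)
packet = ipv4("10.255.0.1", "10.255.0.2", GRE, struct.pack("!HH", 0, 0x0800) + inner)

if __name__ == "__main__":
    print("firewall sees:", outer_view(packet))
    print("actually carried:", inner_view(packet))
```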