[nsp] OSPF x firewall
Ives Dekoninck
Ives.Dekoninck at eu.didata.com
Wed Dec 31 03:42:40 EST 2003
Configure the firewall with static routes using a default and other more
specific routes. An alternative could be to run a routing protocol
between router and FW, though I would not suggest that. (Routers do
routing, FW do firewalling).
Cheers,
-Ives-
-----Original Message-----
From: Andy Furnell [mailto:andy at furnell.org.uk]
Sent: mercredi 31 décembre 2003 9:35
To: Ives Dekoninck
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] OSPF x firewall
On Wed, Dec 31, 2003 at 08:38:11AM +0100, Ives Dekoninck wrote:
>
> Hi, Dimitri
>
> IF you need two routers to talk a dynamic routing protocol with a FW
in
> the middle, I would suggest running BGP between the two.
>
> The advantage of BGP is that you don't need to be on the same subnet
as
> long as it knows the route (static route) to the neighbour. The other
> advantage of running BGP is that on the firewall you only need to open
> TCP port 179 from the inside to the outside network.
>
> Hope this helps,
>
The firewall still has to know where to route the packets while it's
passing them between routers.
A
--
Andy Furnell
andy at furnell.org.uk
More information about the cisco-nsp
mailing list