[c-nsp] eigrp question
Marty Adkins
adkins at netcraftsmen.net
Wed Jan 5 17:19:38 EST 2005
Jim McBurnett wrote:
>
> IE. In the PIX firewall, if I was to do this I would do it like this:
>
> 1. STATIC command to allow X IP to inside router IP
> 2. ACL to permit eigrp from external router only to internal router via
> the static command
> 3. configure the neighbor command on the external and internal routers
> to identify each other.
How would the two routers/neighbors end up on a common subnet, as required by EIGRP?
One other thing that surprised me is this statement in an EIGRP FAQ:
http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a008012dac4.shtml#ten
"Although the neighbor command is accepted by the Cisco IOS® parser, it should not be used. The neighbor statement does not behave as intended and can have a negative effect on EIGRP neighbors."
Rodney, care to explain further?
> 4. Add a loopback interface on both routers with an unused IP address to
> test the routing protocol.
> 5. Use access-list / route-maps to restrict the routes sent to and from
> each router.
> 6. once communications was up, then secure it with MD5
> 7. remove the loopbacks.
>
- Marty
More information about the cisco-nsp
mailing list