RE: [FW1] GateD for OSPF on FW-1
Jason, Duke, and the rest of the extremely talented guys and gals,

I'm not sure how GateD is set up for everyone else, but for me, it has been a never-ending nightmare... *sighs*

I'm running FW-1 3.0b, Solaris 2.6 and Gated

Basically here is the skinny on the problem I'm having....

Users on a partner network were complaining that response was super slow, and Citrix sessions would take 5min to log on. Checking the firewall, everything looked OK; however, when I looked through the /var/adm/messages file, it showed a message similar to the following: SUNW:qfe0 Late Collision, and netstat -i 1 showed lots and lots of errors.. so... someone suggested it is a bad port on the quad, so I used a different port, and it corrected the error messages. But the problem was still there, so I suspected Gated was acting up. It was late at night, I needed to have service restored ASAP, so I powered off that firewall (secondary), and traffic flowed perfectly through the Primary.

What went wrong? Am I in the dreaded asynchronously routed position that Jason Witty mentions? How should that be remedied?

BTW- Has anyone successfully contacted the new organization that manages Gated now? I've tried and tried to contact them with no success, *sheesh, you'd think they would want the business....*

Any help from anyone would be greatly appreciated

*Below is my .conf file,

---Fabian
Office

Here is my gated.conf

--------------/etc/gated.conf------------------
#
# Public Release 3
#
# $Id: ospf,v 1.2 1997/07/17 22:39:31 chopps Exp $
#
#I use this configuration for testing RIP and OSPF. In the RIP case I
#generate version 2 multicast packets on all Ethernet interfaces (this
#is a Sun IPC, Ethernet interfaces are named le0, le1...). This is a
#safe way for me to test RIP, as the `production' gateways on this network
#do not support RIP version 2.
#
#In the OSPF case I test against several Proteon routers running OSPF.
#I've configured all interfaces to be priority 2 so the Proteon routers
#(which are configured with priority 1) will become designated
#routers. I also specify a simple password authentication of
#`YYYYYYYY' for all Ethernet interfaces (which is all this system has).
#
#Jeff

#options noinstall;

interfaces {
#    interface hme0 passive ;
    interface qfe0 passive ;
    interface qfe1 passive ;
#    interface qfe2 passive ;
} ;

autonomoussystem 150 ;

snmp off ;

rip off {
    broadcast ;
    defaultmetric 5 ;
    interface le version 2 multicast ;
} ;

ospf yes {
#    traceoptions lsabuild protocol;
#    traceoptions "gated.log" lsabuild all;
    monauthkey "XXXXXXXX" ;
    area 150{
        authtype simple ;
        interface all {
            priority 2 ;
        } ;
#        interface hme {
#            authkey "YYYYYYYY" ;
#        } ;
    } ;
};

static {
    default gateway x.x.x.1 preference 140 retain ;
#    10.0.0.0 gateway x.x.x.1 preference 140 retain;
} ;
--------------/etc/gated.conf------------------

-----Original Message-----
From: Jason Witty [mailto:[email protected]]
Sent: Wednesday, September 13, 2000 1:01 PM
To: Glover, Duke
Cc: '[email protected].'
Subject: Re: [FW1] GateD for OSPF on FW-1

Duke,

I've done this very successfully for 3 years now. Here's a sanitized sample config. Note that costing is extremely important, as you do NOT want to wind up in an asynchronously routed position.
So, obviously costs need to be thought out VERY far in advance, and you might want to play with the routerdead and hello intervals, but here's one I'm using:

--------------/etc/gated.conf------------------
#
interfaces {
    interface all passive;
};

autonomoussystem 100;
routerid 192.168.2.5;

rip no;

ospf yes {
#    backbone {
#    authtype none;
    area 100 {
        networks {
            192.168.0.0 mask 255.255.248.0 ;
            x.x.x.0 mask 255.255.254.0 ;
        };
        interface hme0 cost 3 {
            retransmitinterval 5;
            transitdelay 1;
            priority 8;
            hellointerval 1;
            routerdeadinterval 2;
        };
        interface qfe0 cost 1 {
            retransmitinterval 5;
            transitdelay 1;
            priority 1;
            hellointerval 1;
            routerdeadinterval 2;
        };
        interface qfe1 cost 7 {
            retransmitinterval 5;
            transitdelay 1;
            priority 1;
            hellointerval 1;
            routerdeadinterval 2;
        };
        interface qfe2 cost 3 {
            retransmitinterval 5;
            transitdelay 1;
            priority 1;
            hellointerval 1;
            routerdeadinterval 2;
        };
    };
};
--------------/etc/gated.conf------------------

Hope this helps!

Jason

"Glover, Duke" wrote:
>
> FW-1 3.0b VPN 3083
> Solaris 2.6
>
> Is anyone using GateD for OSPF with FW-1 ? I'm looking for success and/or
> un-success stories. Also, if anyone would be willing to share a "sanitized"
> GateD configuration file to look at, it will be greatly appreciated.
>
> AtDhVaAnNkCsE,
>
> Duke Glover
> desk => page => [email protected]
> Verizon / Enterprise Information Protection Services
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
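
The asymmetric-routing risk raised in this thread, as an added example that is not part of the original messages: OSPF sums the cost of each outgoing interface, so two firewalls in parallel can attract the forward and return halves of a connection differently, and a stateful firewall then sees only one direction. The topology, node names and cost values below are constructed, and the check assumes every path between the two routers crosses one of the listed firewalls.

```python
import heapq

def least_cost(links, src, dst, skip=frozenset()):
    """Dijkstra over directed links {(a, b): cost}, where cost is the OSPF
    cost of a's outgoing interface toward b. Returns None if unreachable."""
    heap, seen = [(0, src)], set()
    while heap:
        total, node = heapq.heappop(heap)
        if node == dst:
            return total
        if node in seen:
            continue
        seen.add(node)
        for (a, b), cost in links.items():
            if a == node and b not in seen and b not in skip:
                heapq.heappush(heap, (total + cost, b))
    return None

def firewalls_used(links, src, dst, firewalls):
    """Firewalls on a least-cost src->dst path; more than one means ECMP."""
    via = {}
    for fw in firewalls:
        c = least_cost(links, src, dst, skip=frozenset(firewalls) - {fw})
        if c is not None:
            via[fw] = c
    return {fw for fw, c in via.items() if c == min(via.values())}

def check_symmetry(links, a, b, firewalls):
    fwd = firewalls_used(links, a, b, firewalls)
    rev = firewalls_used(links, b, a, firewalls)
    # Stateful inspection needs both directions on one and the same firewall.
    return {"forward": fwd, "return": rev,
            "symmetric": len(fwd) == 1 and fwd == rev}

# Constructed sample: inside router "in", outside router "out", two firewalls.
FIREWALLS = ("fw1", "fw2")
EDGE = {("in", "fw1"): 1, ("in", "fw2"): 1, ("out", "fw1"): 1, ("out", "fw2"): 1}
# fw1 is cheap toward the outside but expensive toward the inside.
ASYMMETRIC = {**EDGE, ("fw1", "out"): 1, ("fw1", "in"): 7,
              ("fw2", "out"): 3, ("fw2", "in"): 3}
# fw1 is the cheaper firewall in both directions.
SYMMETRIC = {**EDGE, ("fw1", "out"): 1, ("fw1", "in"): 1,
             ("fw2", "out"): 3, ("fw2", "in"): 3}

if __name__ == "__main__":
    for name, links in (("asymmetric", ASYMMETRIC), ("symmetric", SYMMETRIC)):
        print(name, check_symmetry(links, "in", "out", FIREWALLS))
```

Equal costs on both firewalls are reported as not symmetric as well, since equal-cost multipath can split a single connection across them.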