
[FW1] FW-1 and OSPF




Hi All,
Our goal is to make our FW-1 (on NT4) "aware" of 1300+ intranet routes/subnets, so that each VPN user can browse any intranet web site.
For this we installed RRAS (Routing and Remote Access) to get OSPF capability on NT. Then we configured it on the *internal* interface only, to have it learn the routes from an internal OSPF router.
We created a group object with the two needed mcast addresses (224.0.0.5 and 224.0.0.6), and allowed OSPF traffic between this router and FW-1.
Then the problem:
FW-1 correctly receives the hello packets from the internal router.
But when FW-1 sends its hello packets to the router, it gives them the *EXTERNAL* interface as source address!!!
Because of this, the internal router ignores the packets and the AS link exchange never starts between the two.
They just keep sending hello packets to each other every 10 seconds...
Of course FW-1 correctly "sees" its OSPF neighbor (the router), but the router doesn't see FW-1 as a neighbor because of the wrong source address.

We confirmed this to be the problem by taking one of the wrong packets and changing its source address to that of the internal interface. After sending this packet on the wire, the link exchange started immediately!

Any clue?
Thanks.

Jose Garcia
Technical Consultant
CSS N.V.
Tel: +32 2 7185313
Fax: +32 2 7185220
Email: [email protected]
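
The check the internal router applies to each received Hello, as an added example that is not part of the original post: on a broadcast network, RFC 2328 requires the packet's IP source address to be on the receiving interface's subnet and the Hello's network mask to match the interface mask. All addresses, the router ID and the helper names `build_hello` and `check_hello` are constructed for illustration.

```python
import ipaddress
import struct

A = ipaddress.IPv4Address


def build_hello(src: str, mask: str, router_id: str) -> bytes:
    """Construct a minimal IPv4 + OSPFv2 Hello (sample data, checksums left at zero)."""
    # Hello body: mask, HelloInterval=10s, options, priority, DeadInterval=40s, DR, BDR
    body = struct.pack("!4sHBBI4s4s", A(mask).packed, 10, 0x02, 1, 40, bytes(4), bytes(4))
    # OSPF header: version 2, type 1 (Hello), length, router ID, area 0, checksum, autype, auth
    ospf = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body),
                       A(router_id).packed, bytes(4), 0, 0, bytes(8)) + body
    # IPv4 header: protocol 89 (OSPF), TTL 1, destination AllSPFRouters
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20 + len(ospf), 0, 0, 1, 89, 0,
                     A(src).packed, A("224.0.0.5").packed)
    return ip + ospf


def check_hello(packet: bytes, rx_interface: str) -> list:
    """Return the reasons a neighbour receiving on rx_interface would drop this Hello."""
    iface = ipaddress.IPv4Interface(rx_interface)
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    src = A(packet[12:16])
    ospf = packet[ihl:]
    if packet[9] != 89 or len(ospf) < 44 or ospf[0] != 2 or ospf[1] != 1:
        return ["not an OSPFv2 Hello"]
    hello_mask = A(ospf[24:28])               # first field after the 24-byte OSPF header
    problems = []
    if src not in iface.network:
        problems.append(f"source {src} is not on {iface.network}")
    if hello_mask != iface.netmask:
        problems.append(f"hello mask {hello_mask} != interface mask {iface.netmask}")
    return problems


# Constructed scenario: the router listens on 10.1.1.1/24, the firewall's
# internal interface is 10.1.1.2 and its external interface is 192.0.2.10.
ROUTER_IF = "10.1.1.1/24"
wrong = build_hello("192.0.2.10", "255.255.255.0", "192.0.2.10")
right = build_hello("10.1.1.2", "255.255.255.0", "192.0.2.10")

if __name__ == "__main__":
    print("external source:", check_hello(wrong, ROUTER_IF))
    print("internal source:", check_hello(right, ROUTER_IF))
```
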


   All contents © 2004 Network Presence, LLC. All rights reserved.