Passive routes with OSPF on the PIX

Hello

Having just upgraded my PIX to software v8, I'm finally hoping to have it participate in OSPF on the network.

The PIXes all have many DMZs that I want to advertise into OSPF to remove a *lot* of fragile static routes, but of course I do *not* want to advertise or receive OSPF on these DMZs. I thought I could make these interfaces passive - or better still, issue:

router ospf 1
passive-interface default

And then exempt only the internal interface.

However (unlike IOS), there seems to be no notion of passive in the PIX's implementation of OSPF - a place where I thought it would be very useful...

How can I distribute these DMZs into OSPF without advertising OSPF into them?

I had planned to use:

redistribute connected subnets

However, that redistributes things like the public Internet interface, which I don't want. In addition, even if there is a way to stop it from including the public interface, it seems more prone to user error than passive by default with one exception.

Any ideas? If not, can I restrict which interfaces are included in the redistributed connected subnets?

Thanks for all the ideas!

Hi Peter,

Thank you. Yes... I was suggesting removing the DMZ network commands under the OSPF process.  As you said, it used to really do what you want to do with the removal of the statics, since it's disabling OSPF for this network.

Starting up EIGRP would seem to be a lot of extra work just to eliminate the statics, if that's what it will be used for, but it would allow you to make the interface passive, so that it would not send/receive EIGRP on the specific interface.

I just re-read your first message and I think I understand now what you're after - which goes back to your first question about redistribution... you can redistribute static and use a route-map to control which routes you want to redistribute.  You can then remove the networks for the DMZs under the router ospf process.

example:

access-list ospfredist standard permit 10.10.10.0 255.255.255.0
access-list ospfredist standard permit 192.168.10.0 255.255.255.0

route-map static-ospf
  match ip address ospfredist

router ospf 10
  redistribute static subnets route-map static-ospf

this should redistribute only the statics that you listed above.

hope this helps a bit.

-scott
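
An added example (not part of the thread): a small Python check that reads a PIX-style configuration and lists which static routes a `redistribute static ... route-map` statement would inject into OSPF, so a missing route-map or an over-broad ACL that would leak the default route toward the outside is caught before deployment. The sample configuration, interface names and addresses are constructed; the matcher models a standard ACL as first-match on the route's network address and assumes permit-only route-map clauses.

```python
import ipaddress

# Constructed sample (not from the thread): statics plus the answer's filter.
SAMPLE = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route dmz1 10.10.10.0 255.255.255.0 172.16.1.2 1
route dmz2 192.168.10.0 255.255.255.0 172.16.2.2 1
route dmz3 192.168.20.0 255.255.255.0 172.16.3.2 1
access-list ospfredist standard permit 10.10.10.0 255.255.255.0
access-list ospfredist standard permit 192.168.10.0 255.255.255.0
route-map static-ospf permit 10
 match ip address ospfredist
router ospf 10
 redistribute static subnets route-map static-ospf
"""

def acl_target(words):
    """Turn the address part of a standard ACL entry into a network."""
    if words[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if words[0] == "host":
        return ipaddress.ip_network(words[1] + "/32")
    return ipaddress.ip_network(f"{words[0]}/{words[1]}", strict=False)

def parse(config):
    statics, acls, rmaps, redist, current = [], {}, {}, [], None
    for line in config.splitlines():
        w = line.split()
        if len(w) >= 5 and w[0] == "route":
            statics.append(ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False))
        elif len(w) >= 5 and w[0] == "access-list" and w[2] == "standard":
            acls.setdefault(w[1], []).append((w[3], acl_target(w[4:])))
        elif len(w) >= 2 and w[0] == "route-map":
            current = w[1]
            rmaps.setdefault(current, [])
        elif w[:3] == ["match", "ip", "address"] and current:
            rmaps[current].extend(w[3:])
        elif w[:2] == ["redistribute", "static"]:
            # None records a redistribute statement with no route-map filter.
            redist.append(w[w.index("route-map") + 1] if "route-map" in w else None)
    return statics, acls, rmaps, redist

def acl_permits(entries, route):
    for action, net in entries:          # first matching entry decides
        if route.network_address in net:
            return action == "permit"
    return False                         # implicit deny at the end of the ACL

def redistributed_statics(config):
    """Static prefixes that would be injected into OSPF by this config."""
    statics, acls, rmaps, redist = parse(config)
    leaked = set()
    for rmap in redist:
        if rmap is None:                 # unfiltered: every static goes out
            leaked.update(statics)
            continue
        for acl in rmaps.get(rmap, []):
            leaked.update(r for r in statics if acl_permits(acls.get(acl, []), r))
    return [str(n) for n in sorted(leaked)]

if __name__ == "__main__":
    print(redistributed_statics(SAMPLE))
```

Running it against a saved copy of the running configuration before and after a change shows exactly which prefixes the route-map lets through.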

Tags: Cisco Security

Similar Questions

  • VPN with usernames in the pix firewall

    Is there any way to make the VPN connections on my PIX user-specific?

    I know it's possible with the 3000 concentrator but don't know if you can do it with a PIX. I have about 10 people who need to VPN in.

    Can each VPN have a different password?

    The reason is: if I let 1 person go, I don't want to have to worry about changing the passwords for everyone, just deleting an account.

    Thank you

    Anthony

    On a PIX, VPN connections should always be authenticated with an additional username/password for extra security. Up to v6.3 you used to have to store these usernames and passwords on an external RADIUS/TACACS server, but as of 6.3 you can now use the local user database on the PIX to store these.

    The commands are:

    > crypto map <map_name> client authentication LOCAL

    > username <user_name> password <password>

    You can have as many "username ..." commands as you wish. If someone leaves your company, simply remove their username from the list.

  • Difference b/w PIX & router (router with the firewall option)

    Hi all

    I want to know how a PIX differs from a router (router with the firewall option), because the router can also do stateful packet filtering. What does the PIX offer that would lead a customer to use a PIX instead of a router?

    Thank you & best regards,

    Guelma

    Hello

    There is a discussion in this forum on this topic; check "Firewalling: PIX vs IOS Firewall", the last conversation was posted January 10, 2006. Let me know if it helps.

    Rgrds,

    Haitham

  • Do I require a router with my PIX?

    I have a cable connection to the internet, and the ISP gives me a DHCP IP. Do I need to buy a router to put in front of my recently purchased PIX, or can the PIX handle routing as well?

    In addition, how does the PIX handle dynamic IPs on its external interface? I'm a little confused, thanks in advance.

    -Marc

    Yes.

    Your external ip address on the pix can be static or dynamic

    Your internal IP address on the PIX must be static. The PIX can act as a DHCP server on your internal network, but it looks like you already have that all together towards the top. Just exclude an IP address from the internal pool and use it for your PIX. Make sure that you configure your DHCP server to pass this as the new default gateway IP address.

  • Configuration of the PIX 520 with two links to Internet

    Hello.

    I have a PIX 520 firewall with four Ethernet interfaces; in fact I am working with just two interfaces:

    Ethernet 0 outside

    Ethernet 1 inside

    ethernet2 closed intf2

    ethernet3 closed intf3

    Thus, on the outside interface, I have access to the internet, but now I access to the internet and I want to configure the two, I mean, a single network inside and two internet accesses.

    Is it possible?

    Perhaps the configuration:

    Ethernet 0 outside (access 1)

    1 Ethernet (ip 10.1.1.1) inside

    ethernet2 outside2 (access to internet 2)

    ethernet3 inside2? (ip 10.1.1.2)?

    Thanks for the help,

    You can plug it in like that, but there is no way to route traffic by default. The PIX does not support this type of connection, as you can only configure one default route on the PIX. This link should help describe what you can do: http://www.cisco.com/warp/public/110/pixfaq.shtml#Q18

    I hope this helps.

    Kurtis Durrett

  • Information on the routing of traffic of the client VPN to PIX.

    Hey all,

    I was able to follow the VPN Wizard included in the PDM and connect to the PIX with the VPN Client. But I'm looking for more information about how the routing is done.

    For example, my remote is 67.71.252.xxx and my inside is 192.168.1.xxx. But if I connect via the VPN Client to the PIX, all data is transferred through my VPN to the PIX and then tries to get out to the Internet.

    I only want data going to 192.168.1.xxx to transit through the VPN. Is this configuration made on the PIX, or is it the responsibility of the client machine to set up routing rules?

    Any links to installation guides or technical notes would be great.

    Thank you in advance.

    Paul

    Hello

    I think the keyword you are looking for is "split tunneling". This can be enabled on the PIX using the vpngroup group_name split-tunnel access_list command.

    "Split tunneling allows a remote VPN client or Easy VPN Remote device simultaneous encrypted access to the corporate network and access to the Internet. Using the vpngroup split-tunnel command, specify the access list name with which to associate the split tunneling of traffic."

    In this example configuration: http://www.cisco.com/warp/public/110/pix3000.html, note that the same access list is used for "nat 0" and split tunneling:

    access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0

    nat (inside) 0 access-list 101

    vpngroup vpn3000 split-tunnel 101

    Command reference:

    http://www.Cisco.com/en/us/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ae.html#wp1099471

    Please let us know if this helped

    Kind regards

    Mustafa

  • One-way VPN with ASA to the 800 router

    people

    I have a site to site vpn set up between a asa 5540 and a 800 router

    I want only the vpn to be initiated from the asa with the 800 remote listen incoming connections

    I know that I can define the type of connection on the asa as only come but I can find an equivalent command to answer only for the 800 remote

    can anyone point me in the right direction or is it enough to simply configure the asa as are created only for this encryption card

    Thanks to anyone who takes the time to answer

    Hello

    I recommend you configure the tunnel as a dynamic to static tunnel VPN, the ASA will be the static counterpart, so it will be the initiator and the router will never be able to establish the connection.

    The ASA will have a common L2L configuration, but the router will use a dynamic crypto map.

    http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a008051a69a.shtml

    The PIX in the example is old, so you can simply adjust the commands to your current version; the important thing is to understand the concept.

    Please let me know if that answers your question,

    Thank you.

  • How can I set up the AEBS as a router with sky Hub as a modem?

    I have Sky broadband with a Sky Hub SR102-Z router. I had problems with slow speed, and the visiting engineer told me that it is caused by Wi-Fi interference. I have an AirPort Extreme Base Station that I stopped using when I got Sky, but I now use it as a router (the Sky Hub is quite limited) connected to the Sky Hub as the modem. I would be grateful for any advice on how to set up the AEBS so that it fills the Sky Hub. Thank you.

    I would be grateful for any advice on how to set up the AEBS so that it fills the Sky Hub

    If you want to use the AirPort Extreme as a router... it would mean that the Sky Hub must be reconfigured to act as a simple bridge mode modem.

    Whether or not it's possible and, even if it is possible, whether or not Sky will support this type of installation are questions for Sky. So, you will need to get clarification from Sky on this topic before you can proceed with the configuration of the AirPort Extreme.

    Keep in mind that the hubs of some providers cannot be reconfigured to function as a simple bridge mode modem. If that is the case with Sky... then you will need to set up the AirPort Extreme in Bridge Mode and continue to let the Sky router act as the network router, even if the wireless function may not be enabled on the Sky Hub.

  • How to share files and printers between windows xp desktop that is connected to a wireless router with a laptop running windows 7. printer is connected to the desktop computer

    Hi all.  I normally wouldn't have a problem with that, but I must be missing something.  I want to create a home network or small business between my desktop running windows xp pro sp3 and my laptop running windows 7 Home premium.  I want to share files and printers.  My desktop with windows xp computer is connected to a wireless router.  The printer is connected to my desktop as well.  My laptop is wireless with the wireless router.  I tried everything I can think of to get these two devices to the network.  If anyone can help.  Don't forget, my printer is connected to my desktop with windows xp and is connected to my wireless router which is connected to my cable modem.  Internet works fine.  the laptop with windows 7's wireless and internet works fine.  just impossible to get the two see each other or share what anyone.  Thank you.

    With respect to the sharing of printer (s), microsoft has a utility called 'Print Migrator'

    Download & install, create copy, send a copy to the other pc to share its use.

  • RDC access to two XP systems behind a router with a single public IP address

    Hello

    Is it possible to have RDC access to two XP systems, with two different ports for RDC, behind a router with a single public IP address?

    Please note this is a small home network without any domain settings. I use the IP address to access RDC.

    Your comments are appreciated.

    Thank you

    Use different ports for RDC on both XP systems and configure the router to redirect to the appropriate port on the appropriate computer.

    See the Microsoft Knowledge Base article "How to change the listening port for Remote Desktop".

  • When I try to connect with my wireless laptop will connect only to Local access. If I connect the laptop to the router with the ethernet cable, it works very well.

    VIsta - Local access only

    Hi -
    I recently moved.   I use the same router from my old apartment and I had no problem connection in the past.   Since I moved I have a new Time Warner modem (Cisco) and the modem works fine.

    The router also works very well I'm able to connect with my iPhone and IPad without any problem.

    But when I try to connect with my wireless laptop, it will only connect to Local access.    If I connect the laptop to the router with the ethernet cable, it works very well.

    It's a Dell Studio 15 with Vista.

    The computer is able to connect to wifi to other places without any problem, but for some reason that I can't connect home.   I tried to reset the modem and the router several times, but that did not help.   I tried the option repair & diagnose several times but it doesn't work.

    I tried to look for other solutions online and tried to disable IPv6, and while it helped some and I was able to connect wireless, the computer ran so slowly that it didn't seem like a good solution.

    This has been very frustrating.   Thanks in advance for any help or suggestion.
    Staci

    Hello Staciusa,

    Have you tried to change the wireless channel that your router is running at? There may be interference that could prevent the internet connection:

    Take a look at step 6 in this article that give more details about it:

    http://www.Microsoft.com/athome/Setup/wirelesstips.aspx

    If you need assistance to change the settings of the specific router, you will need to contact your router manufacturer or your internet service provider.

  • Vista can communicate with the wireless router, but cannot access the internet

    I have a SONY Vaio with Vista.  Until recently, it worked fine with an old router Netgear wireless with no encryption.  I replaced the router with a Linksys E1200 and set up for WPA/WPA2 encryption.  My iPod, iPad, an HP printer and laptop running Windows 7 quite change with absolutely no problem.  After entering the SSID and password on the Vaio, it connects to the router but will not access the Internet.  I tried to reset the router and cable modem, without success.  Suggestions before you start the laptop across the room and rid my life of the bane of Vista forever?

    Hello

    ·         What is the antivirus installed on the computer program?

    Let's try the following methods.

    Method 1: Temporarily disable the antivirus on the computer program and check if the problem persists. If no problem occurs, then you need to firewall settings in the security software.

    Note:  Check that you activate your anti-virus protection on the computer back after you complete these steps. It is not recommended to disable these settings on the computer. It's just to solve the problem.

    Disable the anti-virus software

    Method 2: Follow the steps in the article mentioned below.

    In the Windows wireless network connection problems

  • HP pavilion dv6 1002nr windows vista edition family compatibility with wep to the wifi router security

    I have a hp pavilion dv6 1002nr running Windows Vista Home edition.  I just installed a new modem/router from Verizon.  The modem/router is an Actiontec GT784 VNO (V stands for Verizon, I read).  However, Verizon technology that helped me to set up my wireless network said that my Windows Vista computer is 'inconsistent' with WPA or WPA2 security, when he had me assiting to set up my modem/router.  As a result, he said he had to set up WEP security (which is a weak way to secure my wireless network).  So it changed the parameters of the modem/router WPA2 to WEP, which made me feel less secure.  He said I needed to upgrade to Windows 7 or higher.  Is this true?  Is there another solution (like updating wireless drivers) instead?  I always keep my Windows Vista operating system.  Thanks for any suggestions or links to find solutions.  I want to use WPA or WPA2 security for better security.  Thank you.

    Hello:

    You have the terrible child Atheros card.

    Download and install this driver, reboot and you should be able to change the security of your router to WPA2-Personal wireless.

    http://h20565.www2.HP.com/portal/site/hpsc/template.page/public/PSI/swdDetails/?lang=en&cc=us&sp4ts.Oid=5060882&swItem=ob_108905_1

    I don't recommend you disable or uninstall devices listed there.  One is the wired ethernet (Realtek).

    The other 2 are a few things of internet protocol.

  • Unable to connect to the router with Win 7

    I can't connect to my router with Win 7. I have XP & Vista partitions on the same machine without any problem. It keeps giving me the default IP address 169.254.   I did the release, renew, adapter uninstall, policy changes, the static settings and just about everything else I could think of. It connected at one time, but not anymore. Same router. My HP mini with Win 7 has no problem with wired or wireless connections. Is there a registry edit I can do or other settings I can try? I disabled V6 and others. Any help would be appreciated. Thanx.

    For any question on Windows 7:

    http://social.answers.Microsoft.com/forums/en-us/category/Windows7

    Link above is Windows 7 Forum for questions on Windows 7.

    Windows 7 questions should be directed there.

    You are in the Vista Forums.

    See you soon.

    Mick Murphy - Microsoft partner

  • When I try to add a network route with the "route add" command in the command line, I get the message "The requested operation requires elevation."

    Elevation required for route add command

    When I try to add a network route with the "route add" command in the command line, I get the message "The requested operation requires elevation."  What is the correct syntax to use?

    You can watch using the PowerShell...

    http://TechNet.Microsoft.com/en-us/library/bb978526.aspx

    http://TechNet.Microsoft.com/en-us/scriptcenter/dd742419.aspx

    .. .and post questions about Windows PowerShell forum...

    http://social.technet.Microsoft.com/forums/en/winserverpowershell/threads
