On Thu, 6 Jan 2005, Gert Doering wrote:
On Wed, Jan 05, 2005 at 11:31:54PM -0500, Jim McBurnett wrote:
WOW...
I will have time to lab test this tomorrow or Friday...
Well, maybe this could be done using loopbacks, and then sourcing the
traffic for E0
Something one needs to be very careful about when doing EIGRP routing
via a GRE (or IPSEC or whatever) tunnel through the firewall - this will
mean that the actual packets will also flow through the tunnel, and that
the firewall *will not be able to inspect these packets!!*. So you
effectively circumvent the firewall - and if you do it, it's easier
to just throw it away.
BGP is a better approach to routing here, because with BGP you can open
a TCP session through the firewall (for BGP) and the packets will still
flow the normal way, and can be inspected.
I'd be pretty careful about BGP as well. You'll likely eliminate the
benefits of BGP because the firewall will have to have static
routes corresponding to the BGP-advertised prefixes, or you'll end up
having a routing loop sooner or later because the firewall doesn't
have sufficient topology information....
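
The inspection point made in the quoted text about GRE tunnels, as an added example that is not part of the original thread: a filter that reads only the outer IPv4 header of a tunneled packet sees protocol 47 between the tunnel endpoints and never the inner TCP port. The addresses, the sample packet and the one-rule Telnet policy are constructed for illustration, and the GRE header is the basic RFC 2784 form with no optional fields.

```python
import socket
import struct

GRE, TCP, UDP = 47, 6, 17  # IANA IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def header_view(pkt):
    """(src, dst, proto, dst_port) as read from one IPv4 header and its L4 header."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, l4 = pkt[9], pkt[ihl:]
    port = struct.unpack("!H", l4[2:4])[0] if proto in (TCP, UDP) else None
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), proto, port

def gre_inner_view(pkt):
    """Decapsulate basic GRE (RFC 2784, no optional fields) carrying IPv4."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != GRE:
        return None
    flags_ver, ethertype = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if flags_ver != 0 or ethertype != 0x0800:
        return None  # GRE options or non-IPv4 payload: outside this sketch
    return header_view(pkt[ihl + 4:])

def denied(view):
    """Hypothetical one-rule policy: drop Telnet (TCP/23)."""
    return view is not None and view[2] == TCP and view[3] == 23

# Constructed sample: a TCP SYN to port 23 between two inside hosts
tcp = struct.pack("!HHIIBBHHH", 40000, 23, 0, 0, 0x50, 0x02, 8192, 0, 0)
native = ipv4_header("10.1.1.10", "10.2.2.20", TCP, len(tcp)) + tcp
# The same packet after a router wraps it in GRE between tunnel endpoints
gre = struct.pack("!HH", 0, 0x0800) + native
tunneled = ipv4_header("192.0.2.1", "198.51.100.1", GRE, len(gre)) + gre

if __name__ == "__main__":
    print("native  :", header_view(native), "denied:", denied(header_view(native)))
    print("tunneled:", header_view(tunneled), "denied:", denied(header_view(tunneled)))
    print("inner   :", gre_inner_view(tunneled), "denied:", denied(gre_inner_view(tunneled)))
```

The native packet is dropped by the rule, the tunneled copy passes it, and only decapsulation reveals the inner flow the rule was meant to match.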