How to announce a network on OSPF?

Hello Experts,

I am attaching a diagram of a network.

We have 2 NAT Rules on each FW

FW1 NAT from 10.x.x.x /24 to 200.x.x.x /24
FW1 NAT from 192.168.0.x /24 to 190.x.x.x /24 Backup from site 2

FW2 NAT from 10.x.x.x /24 to 200.x.x.x /24 Backup from site 1
FW2 NAT from 192.168.0.x /24 to 190.x.x.x /24

We have an OSPF Area 0 between Internet Routers and Firewalls. On Internet Routers we have default information-originate, so FW gets the default route, so there is no problem from traffic getting out.

The problem is for the return traffic, when they get to the internet routers, they won't know where to go. I was thinking of a static route, but I was wondering if there is a better way, so that the Firewalls can announce these 2 public networks.

Thank you for your help
BR
FW.pdf
dsancAsked:
 
that1guy15Commented:
On your firewalls you need to set network statements in OSPF to advertise the 10 and 192 networks.

They will then update the routers with the proper routes to reach those networks
 
that1guy15Commented:
Here are the commands

router ospf <process ID>
 network 10.x.x.x 0.0.0.255 area 0
 network 192.168.0.0 0.0.0.255 area 0

Enter those on both firewalls and you should be set
 
dsancAuthor Commented:
Excellent. Even though I don't have any interface with those addresses, there will be no problem?
BR

 
that1guy15Commented:
I just assumed the two networks connected directly to the f/w's. So the links from the two switches to the firewalls are different subnets?

You will want to use the networks that connect the 10 and 192 networks to your firewalls in your "network" command under OSPF.

Another question. If those two switches are layer three then why are they not involved in the OSPF area? This would simplify things a lot.
 
dsancAuthor Commented:
Yes, the 2 switches use different subnets, and the Firewall NATs the private address that comes from the switch and translates it to the public address on the diagram. The problem was that, because there are no interfaces and no routes with these public addresses, the return traffic will not know where to route.
Yes, they speak OSPF with other equipment but not with the FW. There is a design issue with that. =/

So networks 190.x.x.x /24 and 200.0.0.0 have no interface nor route configured on any equipment; will it still work with the network command?
 
that1guy15Commented:
Hmmmm. The only thing I can think of would be static routes like you said.

One option would be to place static routes on the Firewalls and then redistribute static routes into OSPF. The routers will then learn about both static routes to the private networks.

 
dsancAuthor Commented:
Yes, but the problem is not the static routes, it is the public addresses. I think it could be a static route pointing to null 0 and redistributing statics on the firewalls. What do you think?
 
that1guy15Commented:
Yep. That should allow the routers to learn routes to the two public networks.
Question has a verified solution.
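
The approach the thread settles on (a static route to Null0 for each public NAT network on the firewalls, redistributed into OSPF), written out as an added example that is not from any participant. IOS-style syntax is assumed because the commands posted in the thread use it; the prefix-list and route-map names and the metric values are hypothetical, and the address placeholders are the thread's own. The prefix lists keep any other static route on the firewall from leaking into OSPF, and the metrics make each firewall the preferred return path for its own site's public network and the backup for the other.

```cisco
! FW1 (added example; IOS-style syntax assumed, names are hypothetical)
! Anchor routes: put each public NAT network into the routing table
! so that it can be redistributed into OSPF.
ip route 200.x.x.x 255.255.255.0 Null0
ip route 190.x.x.x 255.255.255.0 Null0
!
! Only these two prefixes may enter OSPF from the static table.
ip prefix-list NAT-POOL-LOCAL seq 5 permit 200.x.x.x/24
ip prefix-list NAT-POOL-BACKUP seq 5 permit 190.x.x.x/24
!
! Lower external metric wins: FW1 is primary for 200.x.x.x, backup for 190.x.x.x.
route-map STATIC-TO-OSPF permit 10
 match ip address prefix-list NAT-POOL-LOCAL
 set metric 10
route-map STATIC-TO-OSPF permit 20
 match ip address prefix-list NAT-POOL-BACKUP
 set metric 100
! The implicit deny at the end of the route-map drops every other static route.
!
router ospf <process ID>
 redistribute static subnets route-map STATIC-TO-OSPF
!
! FW2: same configuration with the two metric values swapped.
```

On the Internet routers, `show ip route ospf` should then list both public networks as external (O E2) routes via the firewalls. A Null0 route stays in the table for as long as the firewall is up, so the advertisement is not withdrawn if only the firewall's inside link fails.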
