Solved

How to announce a network on OSPF?

Posted on 2009-04-30
Last Modified: 2012-05-06
Hello Experts,

I am attaching a diagram of a network.

We have 2 NAT Rules on each FW

FW1 NAT from 10.x.x.x /24 to 200.x.x.x /24
FW1 NAT from 192.168.0.x /24 to 190.x.x.x /24 Backup from site 2

FW2 NAT from 10.x.x.x /24 to 200.x.x.x /24 Backup from site 1
FW2 NAT from 192.168.0.x /24 to 190.x.x.x /24

We have an OSPF Area 0 between Internet Routers and Firewalls. On Internet Routers we have default information-originate, so FW gets the default route, so there is no problem from traffic getting out.

The problem is with the return traffic: when it gets to the Internet routers, it won't know where to go. I was thinking of a static route, but I was wondering if there is a better way, so that the firewalls can announce these 2 public networks.

Thank you for your help
BR
FW.pdf
Question by:dsanc
 
LVL 23

Accepted Solution

by:
that1guy15 earned 1500 total points
ID: 24271884
On your firewalls you need to set network statements in OSPF to advertise the 10 and 192 networks.

They will then update the routers with the proper routes to reach those networks.
0
 
LVL 23

Assisted Solution

by:that1guy15
that1guy15 earned 1500 total points
ID: 24271905
Here are the commands:

router ospf <process ID>
 network 10.x.x.x 0.0.0.255 area 0
 network 192.168.0.0 0.0.0.255 area 0

Enter those on both firewalls and you should be set.
0
 

Author Comment

by:dsanc
ID: 24272025
Excellent. Even though I don't have any interface with those addresses, there will be no problem?
BR
0
 
LVL 23

Assisted Solution

by:that1guy15
that1guy15 earned 1500 total points
ID: 24272263
I just assumed the two networks connected directly to the f/w's. So the links from the two switches to the firewalls are different subnets?

You will want to use the networks that connect the 10 and 192 networks to your firewalls in your "network" command under OSPF.

Another question: if those two switches are layer three, then why are they not involved in the OSPF area? This would simplify things a lot.
0
 

Author Comment

by:dsanc
ID: 24274234
Yes, the 2 switches use different subnets, and the firewall NATs the private address that comes with the switch and translates it to the public address on the diagram. The problem was that because there are no interfaces and no routes with this public address, the return traffic will not know where to route.
Yes, they speak OSPF with other equipment but not with the FW. There is a design issue with that. =/

So networks 190.x.x.x /24 and 200.0.0.0 have no interface nor route configured on any equipment; will it still work with the network command?
0
 
LVL 23

Assisted Solution

by:that1guy15
that1guy15 earned 1500 total points
ID: 24274860
Hmmmm. The only thing I can think of would be static routes like you said.

One option would be to place static routes on the firewalls and then redistribute static routes into OSPF. The routers will then learn about both static routes to the private networks.
0
 

Author Comment

by:dsanc
ID: 24284868
Yes, but the problem is not the static routes, it is the public addresses. I think it could be a static route pointing to null 0 and redistributing statics on the firewalls. What do you think?
0
 
LVL 23

Assisted Solution

by:that1guy15
that1guy15 earned 1500 total points
ID: 24287674
Yep. That should allow the routers to learn routes to the two public networks.
0
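
The approach the thread settles on (a static route to Null0 for each public NAT pool, redistributed into OSPF on the firewalls), written out as an added example that is not part of any post above. It goes slightly beyond the thread by filtering redistribution to the two pools only and by using metrics so the Internet routers prefer each pool's primary firewall. Assumptions: IOS-style syntax like the commands posted earlier, OSPF process ID 1, documentation prefixes standing in for the elided pools, and hypothetical prefix-list and route-map names.

```cisco
! Added example, not from the thread. IOS-style syntax is assumed.
! 203.0.113.0/24 stands in for the 200.x.x.x /24 pool (site 1, FW1 primary).
! 198.51.100.0/24 stands in for the 190.x.x.x /24 pool (site 2, FW2 primary).
! POOL-PRIMARY, POOL-BACKUP and NAT-POOLS-TO-OSPF are hypothetical names.
!
! ----- FW1 -----
! Null0 routes exist only so the prefixes are in the routing table and can
! be redistributed; no interface needs an address from either pool.
ip route 203.0.113.0 255.255.255.0 Null0
ip route 198.51.100.0 255.255.255.0 Null0
!
ip prefix-list POOL-PRIMARY seq 5 permit 203.0.113.0/24
ip prefix-list POOL-BACKUP seq 5 permit 198.51.100.0/24
!
! Lower external metric wins, so FW1 is preferred for its own pool.
route-map NAT-POOLS-TO-OSPF permit 10
 match ip address prefix-list POOL-PRIMARY
 set metric 10
route-map NAT-POOLS-TO-OSPF permit 20
 match ip address prefix-list POOL-BACKUP
 set metric 100
! The route-map's implicit deny keeps every other static route out of OSPF.
!
router ospf 1
 redistribute static subnets route-map NAT-POOLS-TO-OSPF
!
! ----- FW2 -----
! Same static routes; the prefix-lists are swapped so FW2 is primary
! for the site 2 pool and backup for the site 1 pool.
ip route 203.0.113.0 255.255.255.0 Null0
ip route 198.51.100.0 255.255.255.0 Null0
!
ip prefix-list POOL-PRIMARY seq 5 permit 198.51.100.0/24
ip prefix-list POOL-BACKUP seq 5 permit 203.0.113.0/24
!
route-map NAT-POOLS-TO-OSPF permit 10
 match ip address prefix-list POOL-PRIMARY
 set metric 10
route-map NAT-POOLS-TO-OSPF permit 20
 match ip address prefix-list POOL-BACKUP
 set metric 100
!
router ospf 1
 redistribute static subnets route-map NAT-POOLS-TO-OSPF
!
! Check on the Internet routers: each pool should appear as an OSPF
! external route, with the metric-10 copy installed.
!   show ip route ospf
!   show ip ospf database external
```

Restricting redistribution with the route-map matters because an unfiltered `redistribute static` would also advertise any other static route later added on the firewalls.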
