Firewall-1

[FW-1] OSPF over GRE - SPLAT to Nokia

Subject: [FW-1] OSPF over GRE - SPLAT to Nokia
From: "Jarmoc, Jeff" <Jeff.Jarmoc AT GRUBB-ELLIS DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 22 Nov 2004 09:43:06 -0600

Hi everyone.  I'm having some trouble running OSPF over a GRE tunnel
between Secureplatform and a Nokia IP650.  I'm hoping someone out there
may have some insights that can help.  I've been able to use OSPF over
GRE between two Nokias previously, but I'm having some trouble getting
the Nokia to cooperate with SPLAT.

GRE is working fine.  Both firewalls can ping each other's GRE IP
addresses successfully and the fw logs show the traffic as GRE.

OSPF, however, is giving me some problems.  Both GRE interfaces have
OSPF enabled.  On the Nokia, the GRE interface is set to area 50.  On
the SPLAT box, running zebra, I can't enable OSPF on an interface as
such.  I've tried various methods, using the SPLAT GRE IP/32, the Nokia
GRE IP/32, and the GRE Network/30.  The only one that appears to show
the interface active in OSPF area 50 is when I use the SPLAT GRE IP/32.
With this configuration, I see OSPF multicasts coming from both
firewalls.  Both GRE interfaces are set as point-to-point interfaces,
but a TCPDump shows only OSPF Hello packets being sent from both
firewalls over their GRE interfaces, to multicast address 224.0.0.5.
Neither firewall appears to respond, and a neighbor relationship is
never established.

I'm suspecting there's some difference in the OSPF configs on these two
boxes.  I've verified the MTU on both boxes is set identically on the
GRE interfaces, since I've heard that MTU problems can cause OSPF to
malfunction.  Does anyone have any other ideas?

My next step is going to be establishing an OSPF adjacency without the
GRE tunnel in place (by moving the Secureplatform box to one of the
Nokia's Ethernet networks) just to be sure I can get OSPF working
between these two.

Thanks in advance!  I'll post back with any progress in case anyone else
encounters similar trouble in the future.

