[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Problem with two PIX's and redundant links on different sites
From:       Carson Gaspar <carson () taltos ! org>
Date:       2001-04-25 21:40:59
[Download RAW message or body]

The PIX will not propagate routing information. I've argued about this with 
Cisco for ages, but they seem to think that having a "secure" platform that 
doesn't propagate untrusted routes is better than having a firewall that 
works. <sigh>

The best work-around I know if is to make the routers on either side of the 
PIX BGP peers, and permit BGP through the PIX. There's also an _egregious_ 
hack using RIP, but please don't go there.

-- 
Carson Gaspar - carson@taltos.org
Queen trapped in a butch body
-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

[prev in list] [next in list] [prev in thread] [next in thread]