gayag
1 post

Hi

I have configured an ASA as EZVPN server, which is in the DMZ of the Check Point FW. Remote branches have been connected through a 3G network (by using a Cisco 3G module) to connect to the EZVPN server. The remote branches use this 3G link as the backup, and the primary links are connected through MPLS. BGP and OSPF are used as the routing protocols. So I want to push the remote branch routes to the core (Cisco 6500) from the EZVPN server by using a dynamic routing protocol. How can I configure the ASA and 6500 to communicate through the Check Point FW?

Tiki
7 posts

Well, for starters: to advertise your branch routes you need to use "reverse route injection" on the ASA.

Secondly, to allow IPsec tunnels to be established with the ASA you need to open the Check Point to allow ESP and UDP 500 & 4500 (if there is NAT involved); this would be done inbound on the outside interface.

Thirdly, for OSPF to work through the Check Point you need to open up for multicast destination 224.0.0.5 to allow Hello packets to get through, and then the OSPF protocol (protocol 89); this would be done inbound on the DMZ interface (assuming the 6500 is on the inside network). Hope this helps.
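The three steps in the answer above, written out as a worked ASA and 6500 configuration. This is an added example, not configuration posted by anyone in the thread. It assumes ASA 8.2-era syntax, interface names `outside` and `dmz`, a DMZ subnet of 10.1.1.0/24, a 6500 inside address in the same OSPF area 0, and a tunnel-group named EZVPN-TG; the pre-shared key is a placeholder. It also assumes the OSPF Hellos can actually reach between the ASA and the 6500: Hellos are sent to 224.0.0.5 with TTL 1, so they cross the Check Point only if the firewall is inline on the same segment (or is itself an OSPF speaker); if the ASA DMZ and the 6500 are on different subnets, the ASA's `neighbor` command on a `point-to-point non-broadcast` network (or a GRE tunnel) is needed instead of the multicast rule.

```cisco
! ===== ASA (EZVPN server in the DMZ) =====
! IKE phase 1 and NAT traversal (UDP 4500) for branches behind carrier NAT
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20

! Phase 2 transform set and a dynamic crypto map for the hardware clients
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto dynamic-map DYN-MAP 10 set transform-set ESP-AES-SHA
! Step 1: reverse route injection installs a static route for each
! branch LAN when its tunnel comes up, and removes it when it drops
crypto dynamic-map DYN-MAP 10 set reverse-route
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside

! Network extension mode so the branch router's LAN (not just a
! single client address) is what RRI injects
group-policy EZVPN-GP internal
group-policy EZVPN-GP attributes
 nem enable
tunnel-group EZVPN-TG type remote-access
tunnel-group EZVPN-TG general-attributes
 default-group-policy EZVPN-GP
tunnel-group EZVPN-TG ipsec-attributes
 pre-shared-key <PLACEHOLDER-PSK>

! Step 3: run OSPF on the DMZ side and redistribute the RRI static
! routes so the 6500 learns the branch prefixes dynamically
router ospf 1
 network 10.1.1.0 255.255.255.0 area 0
 redistribute static subnets
 log-adj-changes

! ===== Cisco 6500 (core, inside) =====
! Assumed: VLAN interface facing the Check Point inside leg is 10.1.2.1/24
router ospf 1
 network 10.1.2.0 0.0.0.255 area 0

! ===== Check Point rules required (expressed as the flows to permit) =====
! Step 2 - inbound on the outside interface, to the ASA outside address:
!   ESP (IP protocol 50)
!   UDP 500  (ISAKMP)
!   UDP 4500 (NAT-T, for branches behind the 3G carrier NAT)
! Step 3 - inbound on the DMZ interface, from the ASA DMZ address:
!   OSPF (IP protocol 89) to 224.0.0.5 (Hellos / all-SPF-routers)
!   OSPF (IP protocol 89) to the 6500 address (unicast DB exchange)
! and the mirror of the OSPF rules from the 6500 towards the ASA.
```

Once a branch tunnel is up, `show route` on the ASA should list the branch LAN as a static route tagged by RRI, and `show ip route ospf` on the 6500 should show the same prefix as an O E2 route. If the tunnel is up but the 6500 never sees the prefix, check `show ospf neighbor` on the ASA first; a missing adjacency points at the firewall rules (or the Hello reachability assumption above) rather than at RRI.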
