D-Link NetDefendOS User Manual page 351


It is now possible to check that OSPF is operating and that routing information is exchanged.
This can be done by examining the routing tables. Routes that have been imported into the
routing tables through OSPF are indicated with the letter "O" to the left of the route description.
For example, the routes command might give the following output:
gw-world:/> routes
Flags Network         Iface       Gateway         Local IP   Metric
----- --------------- ----------- --------------- ---------- ------
      192.168.1.0/24  lan                                    0
      172.16.0.0/16   wan                                    0
O     192.168.2.0/24  wan         172.16.2.1                 1
Here, the route for 192.168.2.0/24 has been imported via OSPF and that network can be found on
the WAN interface with the gateway of 172.16.2.1. The gateway in this case is of course the
NetDefend Firewall to which the traffic should be sent. That firewall may or may not be attached
to the destination network but OSPF has determined that that is the optimum route to reach it.
The CLI command ospf can also be used to indicate OSPF status. The options for this command
are fully described in the CLI Reference Guide.
Sending OSPF Traffic Through a VPN Tunnel
In some cases, the link between two NetDefend Firewalls which are configured with OSPF Router
Process objects may be insecure, for example when it crosses the public Internet.
In this case, we can secure the link by setting up a VPN tunnel between the two firewalls and
telling OSPF to use this tunnel for the exchange of OSPF information. Next, we will look at how to
set this up, assuming that IPsec is the chosen method for implementing the tunnel.
To create this setup we need to perform the normal OSPF steps described above but with the
following additional steps:
1. Set up an IPsec tunnel
First set up an IPsec tunnel in the normal way between the two firewalls A and B. The IPsec setup
options are explained in Section 9.2, "VPN Quick Start".
This IPsec tunnel is now treated like any other interface when configuring OSPF in NetDefendOS.
2. Choose a random internal IP network
For each firewall, we need to choose a random IP network using internal, private IPv4 addresses.
For example, for firewall A we could use the network 192.168.55.0/24.
This network is used just as a convenience with OSPF setup and will never be associated with a
real physical network.
3. Define an OSPF Interface for the tunnel
Define a NetDefendOS OSPF Interface object which has the IPsec tunnel for the Interface
parameter. Specify the Type parameter to be point-to-point and the Network parameter to be the
network chosen in the previous step, 192.168.55.0/24.
This OSPF Interface tells NetDefendOS that any OSPF-related connections to addresses within the
network 192.168.55.0/24 should be routed into the IPsec tunnel.
4. Define an OSPF Neighbor
Next, we must explicitly tell OSPF how to find the neighboring OSPF router. Do this by defining a
NetDefendOS OSPF Neighbor object. This consists of a pairing of the IPsec tunnel (which is
treated like an interface) and the IP address of the router at the other end of the tunnel.
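
The following is an added example, not part of the D-Link manual: a Python check that parses routes output of the form shown earlier, lists the OSPF-imported routes, and verifies that the placeholder network chosen in step 2 is private and does not collide with any routed network. The function names are hypothetical, the sample text is constructed from the manual's example, and fixed-width columns following the dashed ruler are an assumption.

```python
import ipaddress

WIDTHS = (5, 15, 11, 15, 10, 6)  # column widths taken from the dashed ruler
FMT = " ".join(f"{{:<{w}}}" for w in WIDTHS)
# Constructed sample modelled on the manual's example output.
SAMPLE = "\n".join([
    "gw-world:/> routes",
    FMT.format("Flags", "Network", "Iface", "Gateway", "Local IP", "Metric"),
    FMT.format(*("-" * w for w in WIDTHS)),
    FMT.format("", "192.168.1.0/24", "lan", "", "", "0"),
    FMT.format("", "172.16.0.0/16", "wan", "", "", "0"),
    FMT.format("O", "192.168.2.0/24", "wan", "172.16.2.1", "", "1"),
])
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_routes(text):
    """Slice each row at the column spans given by the dashed ruler line,
    so that empty fields (no gateway, no flags) stay in the right column."""
    lines = [l for l in text.splitlines() if l.strip()]
    ruler_idx = next(i for i, l in enumerate(lines)
                     if set(l.strip()) <= {"-", " "})
    header, ruler = lines[ruler_idx - 1], lines[ruler_idx]
    spans, pos = [], 0
    for run in ruler.split(" "):
        if run:
            spans.append((pos, pos + len(run)))
        pos += len(run) + 1
    names = [header[a:b].strip() for a, b in spans]
    return [{n: line[a:b].strip() for n, (a, b) in zip(names, spans)}
            for line in lines[ruler_idx + 1:]]

def ospf_routes(rows):
    """Routes imported through OSPF carry the letter O in the Flags column."""
    return [r for r in rows if "O" in r["Flags"]]

def check_tunnel_network(candidate, rows):
    """Return a list of problems with a placeholder network for the tunnel."""
    net = ipaddress.ip_network(candidate)
    problems = []
    if net.version != 4 or not any(net.subnet_of(p) for p in RFC1918):
        problems.append(f"{net} is not a private IPv4 network")
    for r in rows:
        if net.version == 4 and net.overlaps(ipaddress.ip_network(r["Network"])):
            problems.append(f"{net} overlaps route {r['Network']} on {r['Iface']}")
    return problems

if __name__ == "__main__":
    rows = parse_routes(SAMPLE)
    print(ospf_routes(rows))
    print(check_tunnel_network("192.168.55.0/24", rows) or "placeholder network is usable")
```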
