iBGP Between Palo Alto and Cisco Router

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

iBGP Between Palo Alto and Cisco Router

L1 Bithead

Got two Cisco ISR 4431 as border routers peering with 2 ISP. Got PA-850 that I need to configure as:

  1. HA
  2. iBGP - OSPF
  3. configured ip unnumbered on the Palo Alto interface connecting to the Cisco 

Any configuration example out there that can assist will be really appreciated

1 ACCEPTED SOLUTION

Accepted Solutions

Cyber Elite
Cyber Elite

Hi @usaiatawakevou ,

 

PA does not support routing without an IP address.  I would put 2 switches in the middle for redundancy, but if you don't want to do that you could configure IRB on the 4431s so that Gi0/0/0 and Gi0/0/1 are in the same subnet.

 

With regard to BGP, the PA is RFC compliant and can form the iBGP neighbor.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

View solution in original post

7 REPLIES 7

L1 Bithead

This is my planned setup

PA-Cisco-iBGP.PNG

 

L4 Transporter

What exactly are you trying to accomplish?

I've listed it above on my initial post

L4 Transporter

You listed what you want to configure, not what you're trying to accomplish. 

When you say IP unnumbered, does that mean you want to use vwire? What are you trying to do with OSPF and BGP? Egress and Ingress paths? Full tables/provider table/default? Are there public resources behind the PA? A/A vs A/P?  Is there a reason you don't have L2 switch between the FW and routers?

Without knowing what you're trying to do, it's hard to provide any feedback. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!