04-22-2022 07:58 AM
Dear experts
I set up a PA firewall as an ASBR that connects to a RIP area and an OSPF area with eth1/1 and eth1/2 respectively. I created 2 loopback interfaces on the PA and advertised them into RIP and OSPF respectively. I can then reach them within the RIP and OSPF areas separately. Now I have created the redistribution profiles RIP-2-OSPF and OSPF-2-RIP and applied them to OSPF and RIP. In the end, I can only reach the loopback addresses on the Cisco routers in the two areas from each other, but can't see the loopback addresses on the PA. That is to say, I can't reach any of the PA's /32 host addresses which are advertised in the RIP AS from OSPF, and vice versa. Why? Have I missed any setting? Thanks
04-23-2022 12:37 AM
Assuming that you're testing via ICMP, do you have an interface mgmt profile assigned that actually allows ICMP from the host you are testing from? Without a management profile assigned on the loopback interface the interface would appear to be unreachable.
04-23-2022 06:35 PM
Thank you so much, Gentlemen, for your prompt reply
Let me illustrate my question with the diagram below.
Loopback0 is advertised into RIP and is pingable from R1.
Loopback1 is advertised into OSPF and is pingable from R2.
Redistribute between RIP and OSPF.
The loopback address of R1 is reachable from R2, and the loopback address of R2 is also reachable from R1.
But Loopback0 of the firewall can't be reached from R2, and Loopback1 of the firewall can't be reached from R1.
That is to say, the loopback addresses of the firewall can't be redistributed between protocols. Why?
I tested the same situation on a Cisco router and there was no problem. Are any special settings needed? Thanks
04-24-2022 03:41 PM
Thank you for the post @DexinLi
If you are trying to redistribute the loopback interface of the firewall, then it is redistribution of a connected route and not a RIP/OSPF learned route. I would try to configure 2 redistribution profiles under Network > Virtual Router > [VR name] > Redistribution Profile, then create one for Loopback.1 (select source type: connect and select: Redist) and another one for Loopback.0 (select source type: connect and select: Redist).
Finally, I would redistribute the profile for Loopback.1 into RIP and the one for Loopback.0 into OSPF.
You can confirm the result by checking the routing tables of R1 and R2.
Kind Regards
Pavel
04-24-2022 06:13 PM
Thanks a lot, Pavel.
Understood. The loopback interface of the firewall can't be redistributed as a learned route by a dynamic routing protocol like on Cisco. Actually, I can advertise both loopback addresses into the RIP and OSPF areas in parallel and don't need to worry about conflict issues.