Fireware How To Dynamic Routing


How do I configure the Firebox to use RIP?

Introduction

A routing protocol is the language a router speaks with other routers to share information about the status of network routing tables. With static routing, routing tables are set and do not change. If a router on the remote path fails, a packet cannot get to its destination. Dynamic routing lets routing tables in routers change as the routes change. If the best path to a destination cannot be used, dynamic routing protocols change routing tables when necessary to keep your network traffic moving. Fireware Pro supports the RIP v1 and v2, OSPF, and BGP v4 dynamic routing protocols.

RIP (Routing Information Protocol) is used to manage router information in a self-contained network, such as a corporate LAN or a private WAN. With RIP, a gateway host sends its routing table to the closest router every 30 seconds. This router, in turn, sends the contents of its routing tables to neighboring routers. RIP is best for small networks. This is because the transmission of the full routing table every 30 seconds can put a large traffic load on the network, and because RIP tables are limited to 15 hops. OSPF is a better alternative for larger networks.

There are two versions of RIP. RIP v1 uses a UDP broadcast over port 520 to send updates to routing tables. RIP v2 uses multicast to send routing table updates.

Is there anything I need to know before I start?

To use any of the dynamic routing protocols with Fireware, you must import or type a dynamic routing configuration file for the routing daemon you choose. This configuration file includes information such as a password and log file name. You can find a sample RIP configuration file in this FAQ:
https://www.watchguard.com/support/advancedfaqs/fw_dynroute-ex.asp

Notes about configuration files:

- The ! and the # characters are comment characters. If the first character of a word is one of the comment characters, then the rest of the line is interpreted as a comment. If the comment character is not the first character of the word, it is interpreted as a command.
- Usually, you can use the word no at the beginning of the line to disable a command. For example:

      no network 10.0.0.0/24 area 0.0.0.0

  disables the backbone area on the specified network.

Supported RIP routing commands to use in your routing daemon configuration file

To create or modify a routing configuration file, here is a catalog of supported routing commands for RIP v1 and RIP v2. If you use RIP v2, you must include the subnet mask with any command that uses a network IP address, or RIP v2 will not operate. The sections must appear in the configuration file in the same order they appear in this table.

RIP Routing Commands

  Command                                               Description

Section: Set simple password or MD5 authentication on an interface
  interface eth[n]                                      Begin section to set authentication type for interface
  ip rip authentication string [PASSWORD]               Set RIP authentication password
  key chain [KEY-CHAIN]                                 Set MD5 key chain name
  key [INTEGER]                                         Set MD5 key number
  key-string [AUTH-KEY]                                 Set MD5 authentication key
  interface eth[n]                                      Begin section to set authentication type for interface
  ip rip authentication mode md5                        Use MD5 authentication
  ip rip authentication mode key-chain [KEY-CHAIN]      Set MD5 authentication key-chain

Section: Configure RIP routing daemon
  router rip                                            Enable RIP daemon
  version [1 2]                                         Set RIP version to 1 or 2 (default version 2)
  ip rip send version [1 2]                             Set RIP to send version 1 or 2
  ip rip receive version [1 2]                          Set RIP to receive version 1 or 2
  no ip split-horizon                                   Disable split-horizon; enabled by default

Section: Configure interfaces and networks
  no network eth[n]
  passive-interface eth[n]
  passive-interface default
  network [A.B.C.D/M]
  neighbor [A.B.C.D/M]

Section: Distribute routes to RIP peers and inject OSPF or BGP routes to RIP routing table
  default-information originate                         Share route of last resort (default route) with RIP peers
  redistribute kernel                                   Redistribute firewall static routes to RIP peers
  redistribute connected                                Redistribute routes from all interfaces to RIP peers
  redistribute connected route-map [MAPNAME]            Redistribute routes from all interfaces to RIP peers, with a route map filter (mapname)
  redistribute ospf                                     Redistribute routes from OSPF to RIP
  redistribute ospf route-map [MAPNAME]                 Redistribute routes from OSPF to RIP, with a route map filter (mapname)
  redistribute bgp                                      Redistribute routes from BGP to RIP
  redistribute bgp route-map [MAPNAME]                  Redistribute routes from BGP to RIP, with a route map filter (mapname)

Section: Configure route redistribution filters with route maps and access lists
  access-list [PERMIT DENY] [LISTNAME] [A.B.C.D/M ANY]  Create an access list to only allow or deny redistribution of an IP address or of any
  route-map [MAPNAME] permit [N]                        Create a route map with a name and allow with a priority of N
  match ip address [LISTNAME]

Configuring your Firebox to Use RIP v1

1. From Policy Manager, select Network > Dynamic Routing. The Dynamic Routing Setup dialog box appears.
2. Click Enable Dynamic Routing and Enable RIP.
3. Click Import to import a routing daemon configuration file, or type your configuration file in the text box. If you click Import, you can browse to the location of the RIP daemon configuration template. It is located in C:\Documents and Settings\My Documents\My WatchGuard.
4. Click OK.

Allowing RIP v1 traffic through the Firebox

You must add and configure a policy to allow RIP broadcasts from the router to the network broadcast IP address. You must also add the IP address of the Firebox interface to the To field.

1. From Policy Manager, select Edit > Add Policies. From the list of packet filters, select RIP. Click Add. The New Policy Properties window appears for RIP.

2. In the New Policy Properties dialog box, configure the policy to allow traffic from the IP or network address of the router that uses RIP to the Firebox interface it connects to. You must also add the network broadcast IP address.
3. Click OK.

Configuring Fireware to Use RIP v2

1. In Policy Manager, select Network > Dynamic Routing. The Dynamic Routing Setup dialog box appears.
2. Click Enable Dynamic Routing and Enable RIP.
3. Click Import to import a routing daemon configuration file, or type your configuration parameters in the text box. If you click Import, you can browse to the location of the RIP daemon configuration file. It is located in C:\Documents and Settings\My Documents\My WatchGuard.
4. Click OK.

Allowing RIP v2 traffic through the Firebox

You must add and configure a policy to allow RIP v2 multicasts from the routers that have RIP v2 enabled to the reserved multicast IP address for RIP v2.

1. From Policy Manager, select Edit > Add Policies. From the list of packet filters, select RIP. Click Add. The New Policy Properties window appears for RIP.
2. In the New Policy Properties window, configure the policy to allow traffic from the IP or network address of the router using RIP to the multicast address 224.0.0.9.
3. Click OK.

SUPPORT: www.watchguard.com/support
U.S. and Canada +877.232.3531
All Other Countries +1.206.613.0456

COPYRIGHT 2006 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Firebox, and Core are registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries.
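A check that can be run on a RIP daemon configuration file before it is imported, added here as an example (it is not WatchGuard code). It applies the rules stated in this document (the ! and # comment handling, the section order of the command table, the subnet mask requirement for RIP v2) and reports whether MD5 authentication is set; the function names and the sample configuration are constructed for illustration.

```python
import re

# Command prefixes per section, in the order of the command table in this document.
SECTIONS = [
    ("interface", "ip rip authentication", "key chain", "key-string", "key "),
    ("router rip", "version", "ip rip send", "ip rip receive", "ip split-horizon"),
    ("network", "passive-interface", "neighbor"),
    ("default-information", "redistribute"),
    ("access-list", "route-map", "match ip address"),
]
BARE_IP = re.compile(r"(network|neighbor) \d+\.\d+\.\d+\.\d+$")

def strip_comment(line):
    """Drop everything from the first word that starts with '!' or '#'."""
    words = line.split()
    cut = next((i for i, w in enumerate(words) if w[0] in "!#"), len(words))
    return " ".join(words[:cut])

def lint(text):
    """Return (line number, message) findings; line 0 means the whole file."""
    cmds = [(n, c) for n, c in enumerate(map(strip_comment, text.splitlines()), 1) if c]
    v2 = all(c != "version 1" for _, c in cmds)  # version 2 is the default
    findings, last = [], 0
    for n, cmd in cmds:
        body = cmd[3:] if cmd.startswith("no ") else cmd  # "no" disables a command
        sec = next((i for i, p in enumerate(SECTIONS) if body.startswith(p)), None)
        if sec is None or sec < last:
            findings.append((n, "unsupported command" if sec is None else "section out of order"))
        last = max(last, sec or 0)
        if v2 and BARE_IP.match(body):
            findings.append((n, "RIP v2 needs a subnet mask"))
    # A simple password is sent in clear text in each update; MD5 keeps the key off the wire.
    auth = [c for _, c in cmds if c.startswith("ip rip authentication")]
    if "ip rip authentication mode md5" not in auth:
        findings.append((0, "simple password only" if auth else "no RIP authentication"))
    return findings

SAMPLE = """\
! lab router, constructed sample (not a WatchGuard template)
interface eth1
ip rip authentication string changeme  # simple password
router rip
no network eth0
redistribute connected
network 10.0.1.0
"""

if __name__ == "__main__":
    print(lint(SAMPLE))
```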

Frequently Asked Questions About This Procedure

What's the best way to get started?

To get started, you really only need two commands in your RIP configuration file. These two commands, in this order, will start the RIP process:

    router rip
    network <network IP address of the interface you want the process to listen on and distribute through the protocol>

On the Firebox, you also need to add the RIP policy as described in the document above. You can configure the policy to allow any to any until you are sure RIP is working, and then restrict the policy as recommended above. Finally, you must set up the router for the Firebox to talk to. After it is configured, look at the Firebox Status Report dynamic routing section to verify that the Firebox and the router are sending updates to each other. You can then add authentication and restrict the RIP policy to listen only on the correct interfaces.
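To confirm what the router and the Firebox actually send each other once authentication is added, the payload of a captured RIP datagram (UDP port 520) can be decoded; the following is an added example, not WatchGuard code. It follows the standard RIP v1/v2 message layout (4-byte header, 20-byte entries) and the keyed MD5 entry layout; the function names are hypothetical and the sample payloads are constructed, with a placeholder digest that is not verified.

```python
import ipaddress
import struct

AUTH_TYPES = {2: "simple password (clear text)", 3: "keyed MD5"}

def parse_rip(payload):
    """Decode the UDP port 520 payload of one RIP message."""
    if len(payload) < 4:
        raise ValueError("too short for a RIP header")
    version = payload[1]
    info = {"command": payload[0], "version": version, "auth": None, "routes": []}
    off, end = 4, len(payload)
    while off + 20 <= end:
        afi, tag = struct.unpack_from("!HH", payload, off)
        if afi == 0xFFFF and off == 4:  # v2 authentication entry, always first
            info["auth"] = AUTH_TYPES.get(tag, "type %d" % tag)
            if tag == 3:  # keyed MD5: route entries stop where the digest trailer starts
                end = min(end, struct.unpack_from("!H", payload, off + 4)[0])
        elif afi != 0xFFFF:
            addr, mask, _hop, metric = struct.unpack_from("!4s4s4sI", payload, off + 4)
            net = str(ipaddress.IPv4Address(addr))
            if version == 2:  # v1 entries carry no mask
                mask = ipaddress.IPv4Address(mask)
                net = str(ipaddress.ip_network("%s/%s" % (net, mask), strict=False))
            info["routes"].append((net, metric))
        off += 20
    return info

def assess(info):
    """Summarise how the update is protected."""
    if info["version"] != 2:
        return "RIP v1: carries no authentication"
    if info["auth"] is None:
        return "RIP v2 without authentication"
    return "RIP v2 with " + info["auth"]

# Constructed sample payloads (command 2 = response); the MD5 digest is a placeholder.
ROUTE = struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 2, 0]), bytes([255, 255, 255, 0]), bytes(4), 2)
V1 = bytes([2, 1, 0, 0]) + struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 1, 0]), bytes(4), bytes(4), 1)
V2_PLAIN = bytes([2, 2, 0, 0]) + struct.pack("!HH16s", 0xFFFF, 2, b"changeme") + ROUTE
V2_MD5 = (bytes([2, 2, 0, 0]) + struct.pack("!HHHBBI8x", 0xFFFF, 3, 44, 1, 16, 7) + ROUTE
          + struct.pack("!HH16s", 0xFFFF, 1, bytes(16)))

if __name__ == "__main__":
    for name, pkt in (("v1", V1), ("v2 simple", V2_PLAIN), ("v2 md5", V2_MD5)):
        print(name, assess(parse_rip(pkt)), parse_rip(pkt)["routes"])
```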