D-Link DFL-260-IPS-12 Product Manual - Page 190
OSPF Routing Information Exchange Begins Automatically, Confirming OSPF Deployment
View all D-Link DFL-260-IPS-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 190 highlights
4.5.5. Setting Up OSPF Chapter 4. Routing OSPF Routing Information Exchange Begins Automatically As the new configurations are created in the above steps and then deployed, OSPF will automatically start and begin exchanging routing information. Since OSPF is a dynamic and distributed system, it does not matter in which order the configurations of the individual firewalls are deployed. When the physical link is plugged in between two interfaces on two different firewalls and those interfaces are configured with OSPF Router Process objects, OSPF will begin exchanging routing information. Confirming OSPF Deployment It is now possible to check that OSPF is operating and that routing information is exchanged. We can do by listing the routing tables either with the CLI or using the Web Interface. In both cases, routes that have been imported into the routing tables though OSPF are indicated with the letter "O" to the left of the route description. For example, if we use the routes command, we might see the following output: gw-world:/> routes Flags Network Iface Gateway Local IP Metric 192.168.1.0/24 lan 0 172.16.0.0/16 wan 0 O 192.168.2.0/24 wan 172.16.2.1 1 Here, the route for 192.168.2.0/24 has been imported via OSPF and that network can be found on the WAN interface with the gateway of 172.16.2.1. The gateway in this case is of course the NetDefend Firewall to which the traffic should be sent. That firewall may or may not be attached to the destination network but OSPF has determined that that is the optimum route to reach it. The CLI command ospf can also be used to indicate OSPF status. The options for this command are fully described in the CLI Reference Guide. Sending OSPF Traffic Through a VPN Tunnel In some cases, the link between two NetDefend Firewalls which are configured with OSPF Router Process objects may be insecure. For example, over the public Internet. In this case, we can secure the link by setting up a VPN tunnel between the two firewalls and telling OSPF to use this tunnel for exchange of OSPF information. Next, we will look at how to set this up and assume that IPsec will be the chosen method for implementing the tunnel. To create this setup we need to perform the normal OSPF steps described above but with the following additional steps: 1. Set up an IPsec tunnel First set up an IPsec tunnel in the normal way between the two firewalls A and B. The IPsec setup options are explained in Section 9.2, "VPN Quick Start". This IPsec tunnel is now treated like any other interface when configuring OSPF in NetDefendOS. 2. Choose a random internal IP network For each firewall we need to choose a random IP network using internal IP addresses. For example, for firewall A we could use the network 192.168.55.0/24. 190