ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Filtering OSPF route Advertisement

06.10.09   |  
‎06-10-2009 08:04 AM

Hi All,

 

         I  have a Site to site SSG to SSG VPN connection which is doing OSPF.  My head office has about 500 routes due to all the remote offices.  All the remote offices have an this site to site connection with OSPF.  Essentially the Remote offices need the routes for a select few places but since OSPF is running the remote sites get all 500 routes in their routing table.  

 

        Is there a way I can filter and only send the 5-6 routes that are important throug the OSPF tunnel.  The filtering would happen on a SSG 550.

 

ps.  I dont want to just add statics at the remote sites because I actually have two SSG's with two different internets and OSPF calculates my failover.  Everything works great I would just like to make my routing tables smaller.

 

 

Thanks

2 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: Filtering OSPF route Advertisement

06.10.09   |  
‎06-10-2009 10:15 AM

All OSPF neighbors in the same area have the same SPF database so you cannot send only 5 routes.

 

You can use mutiple areas and summarize routes coming from the backbone.

 

Hope this helps,

Cesar

 

ScreenOS Firewalls (NOT SRX)

Re: Filtering OSPF route Advertisement

11.22.09   |  
‎11-22-2009 11:37 PM

Hello Cesar,

 

I think Site to Site VPN tunnels must be in Area 0. right?.

 

regards

Shaf