BGP Peering not working thru ASA

Dear Experts,

I  am facing  problems  to establish E-BGP peering between 2 routers where an ASA firewall is placed in between  with  NAT-CONTROL enabled. Last time I have forgotten to enable a static identity NAT  for the external interface for the BGP peer into its outside  interface by which the peering was not formed . Do I need to disbale  rendom sequence options incase if I am not running BGP authentication  using static command ? In my understanding this is  only required when  peer passwords are enabled. Is it true ?

regards V


  • I'm pretty sure you need to enable bgp multihop on the bgp peers and disable random sequence either policy, or on a static.  I think the latter sounds better if you are just doing this to the traffic.  I think you also need to permit option 19 if you are using authentication which can be disabled (along with random seq) with the following policy:


    tcp-map MD5-BGP

      tcp-options range 19 19 allow   

    class-map CLASS-MD5-BGP

      match port tcp eq 179

    policy-map global_policy

     class CLASS-MD5-BGP

      set connection advanced-options MD5-BGP

      set connection random-sequence-number disable 

Sign In or Register to comment.