
Re: BGP Peering not working thru ASA
Thanks, mate. You are spot on and it worked. What I could also do here is disable the random sequence number thru the static command as well.
Regards V
--- On Sat, 12/20/08, pestewart wrote:
> From: pestewart
> Subject: Re: [CCIE Sec] BGP Peering not working thru ASA
> To: [email protected]
> Date: Saturday, December 20, 2008, 6:44 PM
> I'm pretty sure you need to enable bgp multihop on the
> bgp peers and disable random sequence either in policy, or on a
> static. I think the latter sounds better if you are just
> doing this to the traffic. I think you also need to permit
> option 19 if you are using authentication which can be
> disabled (along with random seq) with the following policy:
>
> tcp-map MD5-BGP
>  tcp-options range 19 19 allow
> class-map CLASS-MD5-BGP
>  match port tcp eq 179
> policy-map global_policy
>  class CLASS-MD5-BGP
>   set connection advanced-options MD5-BGP
>   set connection random-sequence-number disable
>
> --
> View this message online at:
> http://ieoc.com/forums/p/4369/14197.aspx#14197
Comments
Glad you figured it out and yes you can disable random seq on the static. I'm not sure why this didn't link to the original part of the thread, so I am providing the link below.
Link to original part of the thread.
http://ieoc.com/forums/t/4369.aspx
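
Added example (not part of the thread): a Python sketch of the RFC 2385 TCP MD5 check, showing why the policy quoted above both allows option 19 and disables sequence randomization. The addresses, key, segment values and the two middlebox functions are constructed for illustration; the middlebox behaviour is a model of what a firewall in the path does, not ASA code.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-bgp-secret"   # constructed sample key, not from the thread
DATA_OFFSET = 10                  # 20-byte TCP header + 20 bytes of options, in 32-bit words

def md5_digest(seg, key):
    """RFC 2385 digest: pseudo-header + TCP header (no options, checksum 0) + data + key."""
    seg_len = DATA_OFFSET * 4 + len(seg["payload"])
    pseudo = (socket.inet_aton(seg["src"]) + socket.inet_aton(seg["dst"])
              + struct.pack("!BBH", 0, 6, seg_len))
    header = struct.pack("!HHIIHHHH", seg["sport"], seg["dport"], seg["seq"], seg["ack"],
                         (DATA_OFFSET << 12) | seg["flags"], seg["window"], 0, 0)
    return hashlib.md5(pseudo + header + seg["payload"] + key).digest()

def sign(seg, key):
    """Sender: attach option 19 (kind 19, length 18, 16-byte digest) plus two NOPs of padding."""
    return dict(seg, options=bytes([19, 18]) + md5_digest(seg, key) + b"\x01\x01")

def peer_accepts(seg, key):
    """Receiver: option 19 must be present and match a digest over the header as received."""
    opts = seg["options"]
    if opts[:2] != bytes([19, 18]):
        return False                      # option missing: segment is dropped
    return hmac.compare_digest(opts[2:18], md5_digest(seg, key))

def randomize_seq(seg, offset):
    """Model of a firewall rewriting the sequence number (hypothetical helper)."""
    return dict(seg, seq=(seg["seq"] + offset) & 0xFFFFFFFF)

def clear_option_19(seg):
    """Model of a firewall overwriting the option bytes with NOPs (hypothetical helper)."""
    return dict(seg, options=b"\x01" * len(seg["options"]))

# Constructed SYN from one BGP peer to the other on TCP/179.
SYN = sign({"src": "192.0.2.1", "dst": "198.51.100.2", "sport": 49152, "dport": 179,
            "seq": 1000, "ack": 0, "flags": 0x02, "window": 16384, "payload": b""}, KEY)

if __name__ == "__main__":
    print("untouched segment accepted:   ", peer_accepts(SYN, KEY))
    print("sequence number rewritten:    ", peer_accepts(randomize_seq(SYN, 0x1234), KEY))
    print("option 19 cleared in transit: ", peer_accepts(clear_option_19(SYN), KEY))
```

The sequence number sits inside the hashed TCP header, so a rewritten value fails the check even when option 19 passes through intact.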