Packetslave Industries » BGP http://www.packetslave.com This is my blog. There are many like it, but this one is mine. Tue, 20 Jul 2010 19:04:43 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 BGP Through an ASA with Authentication http://www.packetslave.com/2009/07/12/bgp-through-an-asa-with-authentication/ http://www.packetslave.com/2009/07/12/bgp-through-an-asa-with-authentication/#comments Sun, 12 Jul 2009 19:34:04 +0000 blanders http://www.packetslave.com/?p=173 By default, the ASA will strip TCP option 19 causing MD5 authentication for BGP to fail.  In addition, the ASA randomizes the TCP sequence numbers, which also breaks things.  To fix this:

tcp-map BGP_FIX
  tcp-options range 19 19 allow
!
access-list BGP permit tcp any any eq 179
!
class BGP
  match access-list BGP
  !! could also use match protocol tcp eq bgp
!
policy-map global_policy
  class BGP
    set connection advanced-options BGP_FIX
    set connection random-sequence-number disable
!
]]> http://www.packetslave.com/2009/07/12/bgp-through-an-asa-with-authentication/feed/ 0