Hi King, The md5 authentication is sent in tcp options 19 thats dropped by default by the ASA. This is why the peer is not seeing any digest.
If the tcp options is allow and you did not disable tcp random sequence on the ASA, then you see the invalid digest message. Regards. ________________________________ From: Kingsley Charles <[email protected]> To: [email protected] Sent: Tuesday, September 15, 2009 12:56:59 PM Subject: [OSL | CCIE_Security] BPG across ASA Hi all It's pretty straight forward and I am trying to have BGP across an ASA. I get this error: %TCP-6-BADAUTH: No MD5 digest from <remote addr> (53396) to <local addr> (179) I see this issue only when the BGP is crossing the ASA. What could be the reason? Even if ASA, modifies the packet, I should get %TCP-6-BADAUTH: Invalid MD5 digest from [peer's IP address]:11004 to [local router's IP address]:179 With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
