Re: [OSL | CCIE_Security] BPG across ASA

[Pieter-Jan Nefkens]

Hi, Check the following document: http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009487d.shtml If BGP authentication is used, the ASA must have the tcp-map enabled, because the MD5 hash is also over the tcp options in the header. So you must use a tcp-map option.. Pieter-Jan On 15 sep 2009, at 13:56, Kingsley Charles wrote: Hi all   It's pretty straight forward and I am trying to have BGP across an ASA. I get this error: %TCP-6-BADAUTH: No MD5 digest from <remote addr> (53396) to <local addr> (179) I see this issue only when the BGP is crossing the ASA.   What could be the reason?   Even if ASA, modifies the packet, I should get  %TCP-6-BADAUTH: Invalid MD5 digest from [peer's IP address]:11004 to [local router's IP address]:179     With regards Kings _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: pjnefk...@nefkensadvies.nl Web: http://www.nefkensadvies.nl/  Think before you print.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com