---------- Forwarded message ---------- From: Waldemar Pera <[email protected]> Date: Tue, Sep 15, 2009 at 5:33 PM Subject: Re: [OSL | CCIE_Security] BPG across ASA To: Kingsley Charles <[email protected]>
Hi Kings, ASA 7.X and 8.X needs to forward the TCP option 19. BGP MD5 travels over that TCP option. Also, you need Identity NAT and no Random Sequence. The BGP MD5 use that values to calcule the hash. Regards, Waldemar Pera "Murphy is out there, ready to make your life miserable" *From:* Kingsley Charles <[email protected]> *Sent:* Tuesday, September 15, 2009 8:56 AM *To:* [email protected] *Subject:* [OSL | CCIE_Security] BPG across ASA Hi all It's pretty straight forward and I am trying to have BGP across an ASA. I get this error: %TCP-6-BADAUTH: No MD5 digest from <remote addr> (53396) to <local addr> (179) I see this issue only when the BGP is crossing the ASA. What could be the reason? Even if ASA, modifies the packet, I should get %TCP-6-BADAUTH: Invalid MD5 digest from [peer's IP address]:11004 to [local router's IP address]:179 With regards Kings ------------------------------ _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
