Hi all

One more clarification.

In my setup, I have disabled nat-control using "no nat-control". Both the interfaces connected to the BGP peers are with security-level 100. Even if NAT is disabled on the ASA, the tcp port number is randomized and the following should be configured to disable it.

"set connection random-sequence-number disable"

Now, if I enable NAT control (nat-control), does the above command suffice or should I include "norandomseq" in the static cmd?

I tried configuring static without "norandomseq" and I don't see any issues. It seems the policy map over-writes the NAT rule.

With regards
Kings

On Tue, Sep 15, 2009 at 6:02 PM, Kingsley Charles <[email protected]> wrote:

> Hi all
>
> Thanks to all for your inputs.
>
> With regards
> Kings
>
> On Tue, Sep 15, 2009 at 5:36 PM, Pieter-Jan Nefkens <[email protected]> wrote:
>
>> Hi,
>> Check the following document:
>>
>> http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009487d.shtml
>>
>> If BGP authentication is used, the ASA must have the tcp-map enabled,
>> because the MD5 hash is also over the tcp options in the header. So you must
>> use a tcp-map option.
>>
>> Pieter-Jan
>>
>> On 15 sep 2009, at 13:56, Kingsley Charles wrote:
>>
>> Hi all
>>
>> It's pretty straightforward and I am trying to have BGP across an ASA. I
>> get this error:
>>
>> %TCP-6-BADAUTH: No MD5 digest from <remote addr> (53396) to <local addr> (179)
>>
>> I see this issue only when the BGP is crossing the ASA.
>>
>> What could be the reason?
>>
>> Even if ASA modifies the packet, I should get %TCP-6-BADAUTH: Invalid
>> MD5 digest from [peer's IP address]:11004 to [local router's IP address]:179
>>
>> With regards
>>
>> Kings
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> ---
>>
>> Nefkens Advies
>> Enk 26
>> 4214 DD Vuren
>> The Netherlands
>>
>> Tel: +31 183 634730
>> Fax: +31 183 690113
>> Cell: +31 654 323221
>> Email: [email protected]
>> Web: http://www.nefkensadvies.nl/
>>
>> Think before you print.
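An added example (not code from the thread or from Cisco's documentation) that computes the TCP MD5 signature option as RFC 2385 defines it and shows how a receiver arrives at the two different %TCP-6-BADAUTH reasons quoted above. The functions `clear_option_19` and `rewrite_seq` are hypothetical models of a device in the path, and the addresses, key and payload are constructed sample values.

```python
import hashlib, hmac, socket, struct

def md5_digest(src, dst, seg, key):
    """RFC 2385 digest: pseudo-header + fixed TCP header (checksum zeroed,
    options excluded) + segment data + shared key."""
    hdr_len = (seg[12] >> 4) * 4
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, len(seg))
    fixed = seg[:16] + b"\x00\x00" + seg[18:20]
    return hashlib.md5(pseudo + fixed + seg[hdr_len:] + key).digest()

def sign(src, dst, sport, dport, seq, ack, data, key):
    """Build a segment whose only option is 19 (kind 19, len 18) at offset 20."""
    opts = b"\x13\x12" + bytes(16) + b"\x01\x01"        # digest placeholder + 2 NOP pad
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (10 << 12) | 0x018, 16384, 0, 0)
    seg = hdr + opts + data
    return seg[:22] + md5_digest(src, dst, seg, key) + seg[38:]

def find_md5_option(seg):
    """Walk the TCP options; return the 16-byte digest from option 19, or None."""
    i, hdr_len = 20, (seg[12] >> 4) * 4
    while i < hdr_len and seg[i] != 0:                   # kind 0 = end of list
        if seg[i] == 1:                                  # kind 1 = NOP
            i += 1
            continue
        if i + 1 >= hdr_len or seg[i + 1] < 2:
            break                                        # malformed option
        if seg[i] == 19 and seg[i + 1] == 18:
            return seg[i + 2:i + 18]
        i += seg[i + 1]
    return None

def receiver_verdict(src, dst, seg, key):
    """Return the reason a receiver would log, or "ok" if the digest matches."""
    got = find_md5_option(seg)
    if got is None:
        return "No MD5 digest"
    ok = hmac.compare_digest(got, md5_digest(src, dst, seg, key))
    return "ok" if ok else "Invalid MD5 digest"

def clear_option_19(seg):
    """Model: a device in the path overwrites the 18-byte option with NOPs."""
    return seg[:20] + b"\x01" * 18 + seg[38:]

def rewrite_seq(seg, delta):
    """Model: a device in the path shifts the sequence number."""
    seq = struct.unpack("!I", seg[4:8])[0]
    return seg[:4] + struct.pack("!I", (seq + delta) & 0xFFFFFFFF) + seg[8:]

# Constructed sample values (documentation addresses, made-up key and payload).
SRC, DST, KEY = "192.0.2.1", "192.0.2.2", b"constructed-key"
SEG = sign(SRC, DST, 53396, 179, 1000, 2000, b"constructed BGP payload", KEY)
```

Passing `clear_option_19(SEG)` to `receiver_verdict` yields "No MD5 digest", while `rewrite_seq(SEG, 12345)` yields "Invalid MD5 digest", which is why the two log reasons point at different changes made in transit.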
