Hi all For having BGP across ASA, I have tried the following solution:
*Peer A* (10.20.30.40) -------------------------(10.20.30.43) inside *ASA*outside (172.16.3.3) --------------------------------(172.16.3.2) *Peer B* *Peer A* ** router bgp 2 neighbor 172.16.3.2 ** *ASA* ** static (inside,outside) 172.16.3.4 10.20.30.30.40 access-list bgp extended permit tcp any any eq bgp access-list bgp extended permit tcp any eq bgp any class-map bgp match access-list bgp policy-map global_policy class bgp set connection random-sequence-number disable set connection advanced-options bgpmap *Peer B* ** router bgp 2 neighbor 172.16.3.4 In the ASA, I am translating the source IP of the BGP packet. In BGP, the IP address in the packet should match to the address configured in the neighbor list. So in Peer the neigbor is NATTed address not the original IP address BGP connection is established but if authentication is configured the MD5 signature fails with hash mis-match (may be due to translation of the IP address) With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
