You have routes for the BGP advertised routes but the ping is failing to them?
Have you disabled nat-control?

With regards
Kings

On Wed, Dec 29, 2010 at 4:54 PM, kamran shakil <[email protected]> wrote:

> Dears,
> I am seriously confused here .... I made a very simple setup to test BGP
> between 2 routers, putting 1 ASA in the middle and was doing the lab, that
> finally I noticed something strange ??? My ROUTES are all OK, I can learn
> routes on the remote routers thru ASA, and I did the TCP-OPTIONS and also
> RANDOM SEQ. disable, and since nat-control was enabled, I also did the
> static IDENTITY NAT .... but PING is not working............................
> !!! I am pasting the configs..
>
> " EXPERTS....guide me ..plz "
>
>
> * R1 -- > ASA ---- R2
> *
>
>
> R1 :
> ===
> interface Loopback1
>  ip address 11.11.11.11 255.255.255.255
> !
> interface Loopback100
>  ip address 100.100.100.100 255.255.255.0
> !
> interface FastEthernet0/1
>  ip address 2.2.2.1 255.255.255.0
>  duplex auto
>  speed auto
> !
> router rip
>  version 2
>  network 2.0.0.0
>  network 11.0.0.0
>  no auto-summary
> !
> router bgp 2
>  no synchronization
>  bgp log-neighbor-changes
>  network 100.100.100.0 mask 255.255.255.0
>  neighbor 20.20.20.20 remote-as 1
>  neighbor 20.20.20.20 password x
>  neighbor 20.20.20.20 ebgp-multihop 10
>  neighbor 20.20.20.20 update-source Loopback1
>  no auto-summary
>
>
> ASA :
> ======
> interface Ethernet0/0
>  description Connected to R2
>  nameif outside
>  security-level 0
>  ip address 1.1.1.2 255.255.255.0
> !
> interface Ethernet0/1
>  description Connected to R1
>  nameif inside
>  security-level 100
>  ip address 2.2.2.2 255.255.255.0
>
>
> access-list outside-in extended permit icmp any any
> access-list outside-in extended permit tcp any any eq bgp
> !
> tcp-map OPTION19
>  tcp-options range 19 19 allow
>
> pager lines 24
> logging console debugging
> logging buffered debugging
> mtu outside 1500
> mtu inside 1500
> no failover
> icmp unreachable rate-limit 1 burst-size 1
> icmp permit any outside
> icmp permit any inside
> no asdm history enable
> arp timeout 14400
> nat-control
> global (outside) 1 interface
> nat (inside) 1 0.0.0.0 0.0.0.0
> static (inside,outside) 11.11.11.11 11.11.11.11 netmask 255.255.255.255
> access-group outside-in in interface outside
> !
> router ospf 1
>  network 1.1.1.0 255.255.255.0 area 0
>  log-adj-changes
>  redistribute rip metric 1 subnets
> !
> router rip
>  network 2.0.0.0
>  redistribute ospf 1 metric 1
>  version 2
>  no auto-summary
> !
> class-map BGP_CMAP
>  match port tcp eq bgp
> class-map inspection_default
>  match default-inspection-traffic
> !
> !
> policy-map global_policy
>  class BGP_CMAP
>   set connection random-sequence-number disable
>   set connection advanced-options OPTION19
>  class inspection_default
> !
> service-policy global_policy global
> prompt hostname priority context
> Cryptochecksum:65755c185976d9164a0b06eee25f2f42
>
>
> R2 :
> ======
>
> interface Loopback2
>  ip address 20.20.20.20 255.255.255.255
> !
> interface Loopback200
>  ip address 200.200.200.200 255.255.255.0
> !
> interface FastEthernet0/0
>  ip address 1.1.1.1 255.255.255.0
>  duplex auto
>  speed auto
> !
> router ospf 1
>  log-adjacency-changes
>  network 1.1.1.0 0.0.0.255 area 0
>  network 20.20.20.20 0.0.0.0 area 1
> !
> router bgp 1
>  no synchronization
>  bgp log-neighbor-changes
>  network 200.200.200.0
>  neighbor 11.11.11.11 remote-as 2
>  neighbor 11.11.11.11 password x
>  neighbor 11.11.11.11 ebgp-multihop 10
>  neighbor 11.11.11.11 update-source Loopback2
>  no auto-summary
>
>
> ---------------------------------------------------------------------------------------------------------------------------------------
> Guide me to understand this PING issue for BGP network !!!!
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
