Hello folks, I have a rhetoric question. I believe this is a classic task when BGP peers need to authenticate through the ASA but my question is not about it. One of my BGP peers is on outside of the ASA and the other is inside. The ACL on ASA doesn't allow BGP traffic from the outside peer and I see corresponding denies when it tries to talk to the inside peer. But nothing prevents the inside peer to establish the active session with its outside peer and they successfully do it. Now the question. Would you add the ACL on the ASA outside interface to allow BGP traffic from the outside peer to the inside one or as long as they can establish the session that originates from the inside BGP peer we are OK?
Eugene
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
