Just remember the keyword at the end of the ACL for BGP passing through the  
ASA. ;) (google that)

Regards,
Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design)
Sent from my iPhone

On Sep 2, 2012, at 8:49 PM, Fawad Khan <[email protected]> wrote:

> For the exam I would do what the task says. And NOT overdo or overthink.
> 
> On Sunday, September 2, 2012, Eugene Pefti wrote:
> I assume it is only for the situation when you need to control outbound 
> traffic. For the purpose of CCIE lab should we bother with outbound ACL? It 
> is trusted traffic per ASA security levels. 
> 
> Sent from iPhone
> 
> On Sep 2, 2012, at 11:13 AM, "Fawad Khan" <[email protected]> wrote:
> 
>> The best scenario would be to have an ACL on both interfaces to allow 
>> communication from either side.
>> I would have an inbound ACL on the outside interface and inside interface.
>> 
>> On Sunday, September 2, 2012, Eugene Pefti wrote:
>> Hello folks,
>> 
>> I have a rhetorical question.
>> 
>> I believe this is a classic task when BGP peers need to authenticate through 
>> the ASA but my question is not about it.
>> 
>> One of my BGP peers is on outside of the ASA and the other is inside. The 
>> ACL on ASA doesn’t allow BGP traffic from the outside peer and I see 
>> corresponding denies when it tries to talk to the inside peer.
>> 
>> But nothing prevents the inside peer from establishing the active session with 
>> its outside peer and they successfully do it.
>> 
>> Now the question. Would you add the ACL on the ASA outside interface to 
>> allow BGP traffic from the outside peer to the inside one or as long as they 
>> can establish the session that originates from the inside BGP peer we are OK?
>> 
>>  
>> 
>> Eugene
>> 
>>  
>> 
>> 
>> 
>> -- 
>> FNK, CCIE Security#35578
> 
> 
> -- 
> FNK, CCIE Security#35578
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
> 
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com