BGP uses TCP to build the connection. In a BGP connection, the TCP
connection is formed in one direction or the other. Now, if you are not going
to punch inbound holes, then BGP connections are always outbound. In the lab,
they might say the BGP connection should be allowed to initiate from any of
the peers; then you should punch an inbound hole.


With regards
Kings
CCNA,CCSP,CCNP,CCIP,CCIE 35914 (Security)

On Sun, Sep 2, 2012 at 11:13 PM, Eugene Pefti <[email protected]> wrote:

> Hello folks,
>
> I have a rhetorical question.
>
> I believe this is a classic task when BGP peers need to authenticate
> through the ASA but my question is not about it.
>
> One of my BGP peers is on the outside of the ASA and the other is inside. The
> ACL on the ASA doesn't allow BGP traffic from the outside peer and I see
> corresponding denies when it tries to talk to the inside peer.
>
> But nothing prevents the inside peer from establishing the active session with
> its outside peer and they successfully do it.
>
> Now the question. Would you add the ACL on the ASA outside interface to
> allow BGP traffic from the outside peer to the inside one, or as long as
> they can establish the session that originates from the inside BGP peer we
> are OK?
>
> Eugene
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>