Thanks Alan
John
----- Original Message -----
From: "W. Alan Robertson"
To: "John Abruzzese" ;
Sent: Monday, July 30, 2001 6:21 PM
Subject: Re: BGP, TCP, & Firewalls [7:14286]
> John,
>
> Not to the best of my knowledge... The way I understand it, after
> you've got each router configured, they will each periodically attempt
> to bring up the session. This session is like any other normal TCP
> session.
>
> The initiator uses an arbitrary port above 1024 to originate, and
> attempts to connect to the other router on well-known port 179. All
> traffic will flow across this connection.
>
> Alan
>
> ----- Original Message -----
> From: "John Abruzzese"
> To: "W. Alan Robertson" ;
>
> Sent: Tuesday, July 31, 2001 3:04 AM
> Subject: Re: BGP, TCP, & Firewalls [7:14286]
>
>
> > Alan,
> >
> > When trying to connect to a peer using eBGP, don't both routers have to allow
> > port 179 inbound to complete the BGP synchronization process before 2 eBGP
> > speakers can talk? Like the notification process etc.? Just wondering.
> >
> > John
> >
> > ----- Original Message -----
> > From: "W. Alan Robertson"
> > To:
> > Sent: Monday, July 30, 2001 4:53 PM
> > Subject: Re: BGP, TCP, & Firewalls [7:14286]
> >
> >
> > > Yes, you need to allow TCP port 179 outbound... This way, only your
> > > internal BGP speaker will be allowed to initiate the connection, and
> > > external probes inbound on 179 will fail (No need to let those nasty
> > > hackers know that you're running BGP through the firewall, right?).
> > >
> > > Alan
> > >
> > > ----- Original Message -----
> > > From: "Circusnuts"
> > > To:
> > > Sent: Monday, July 30, 2001 7:14 PM
> > > Subject: BGP, TCP, & Firewalls [7:14286]
> > >
> > >
> > > > I'm surveying a project I have been slated for @ work & I was wondering if the
> > > > BGP gurus could help clear up a question. If I were to run internal BGP &
> > > > external BGP, am I forced to leave a TCP port open in the firewall???
> > > >
> > > > I had not an answer when the customer asked me this :-P
> > > >
> > > > Thanks
> > > > Phil
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14347&t=14286
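
An added example, not part of the original thread: a small constructed model of the stateful rule discussed above, where only the inside BGP speaker may open a TCP session to port 179 and everything else is matched against tracked sessions. The class names, addresses and ephemeral ports are assumptions made for illustration.

```python
from dataclasses import dataclass

BGP_PORT = 179
INSIDE, OUTSIDE = "inside", "outside"

@dataclass(frozen=True)
class Segment:
    origin: str   # side of the firewall the segment arrives on
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

class StatefulFirewall:
    """Hypothetical policy: only inside hosts may open TCP sessions to port 179."""
    def __init__(self):
        self.sessions = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def permit(self, seg):
        if seg.origin == INSIDE:
            key = (seg.src, seg.sport, seg.dst, seg.dport)
            if key in self.sessions:
                return True
            # A new session must start with a bare SYN to the BGP port.
            if seg.syn and not seg.ack and seg.dport == BGP_PORT:
                self.sessions.add(key)
                return True
            return False
        # From outside: only segments belonging to a tracked session pass.
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.sessions

def demo():
    fw = StatefulFirewall()
    rtr, peer, scanner = "10.0.0.1", "192.0.2.1", "198.51.100.7"  # constructed
    return {
        "inside_open": fw.permit(Segment(INSIDE, rtr, 32001, peer, BGP_PORT, syn=True)),
        "peer_reply": fw.permit(Segment(OUTSIDE, peer, BGP_PORT, rtr, 32001, syn=True, ack=True)),
        "peer_open": fw.permit(Segment(OUTSIDE, peer, 32002, rtr, BGP_PORT, syn=True)),
        "probe": fw.permit(Segment(OUTSIDE, scanner, 40000, rtr, BGP_PORT, syn=True)),
        "inside_other": fw.permit(Segment(INSIDE, rtr, 32003, peer, 23, syn=True)),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:13} {'permit' if allowed else 'drop'}")
```

In this model the external peer's own connection attempt to port 179 is dropped along with the scanner's probe, so the session comes up only when the inside router initiates it.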