BGP connection between an inside and an outside router with authentication.
Basically, ASA doesn't support BGP.
However, BGP works well between two routers through an ASA. Just open TCP port 179 (BGP).
Inside router
Outside router
The problem appears when the two routers are configured with authentication.
The authentication info (MD5) for BGP is carried in the TCP header as option 19.
By default, the ASA changes the TCP header option number.
When BGP is configured with authentication, the router sends to port 179 (BGP) with TCP header option number 19.
In_BGP ------port 179, header option # 19----> ASA ------port 179, header option ?----> Out_BGP
In_BGP <------port 179, header option # ?---- ASA <------port 179, header option # 19---- Out_BGP
Therefore, the BGP connection can't be established.
Solution:
- Configure an ASA service policy rule not to change TCP header option #19 between the two routers.
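One way to write that service policy, as an added example rather than the configuration from the original post: the addresses 192.0.2.1 (inside router) and 198.51.100.1 (outside router) and the names BGP-MD5-ACL, BGP-MD5-OPTION and BGP-MD5-CLASS are placeholders. It also turns off TCP sequence number randomization for this session, because the MD5 digest covers the TCP header and a rewritten sequence number invalidates it.

```cisco
! Added example. Addresses and object names are placeholders.
! 192.0.2.1    = inside BGP router (assumed)
! 198.51.100.1 = outside BGP router (assumed)

! Match only the BGP session between the two peers, in both directions,
! so the relaxed TCP handling applies to nothing else.
access-list BGP-MD5-ACL extended permit tcp host 192.0.2.1 host 198.51.100.1 eq bgp
access-list BGP-MD5-ACL extended permit tcp host 198.51.100.1 host 192.0.2.1 eq bgp

! TCP map that lets option kind 19 (TCP MD5 signature) pass unchanged.
tcp-map BGP-MD5-OPTION
 tcp-options range 19 19 allow

! Class that selects the traffic matched by the ACL above.
class-map BGP-MD5-CLASS
 match access-list BGP-MD5-ACL

! Attach the TCP map to that class in the global policy.
policy-map global_policy
 class BGP-MD5-CLASS
  set connection advanced-options BGP-MD5-OPTION
  ! The MD5 digest is computed over the TCP header, so the ASA must not
  ! rewrite the initial sequence number for this session.
  set connection random-sequence-number disable

service-policy global_policy global
```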
RESULT