BGP session establishment through Firewall

From: Volkov, Dmitry (IDS Canada) (dmitry_volkov@ca.ml.com)
Date: Fri Jun 06 2003 - 18:40:08 GMT-3


R1------(in)PIX(out)-----R2
FW does PAT for inside network to outside

Both peers trying to establish BGP via TCP 179.
FW blocks TCP 179 in one way (from outside to inside, because no translation
slot exists and no access-list/conduit);
however, neighboring is established via the other-way session (from inside to
outside) only.
So one-way TCP is enough; there is no need to open TCP 179 from outside to
inside.
Is it right? Is there any rule as to which session is allowed to establish
neighboring
(like, I don't know, from higher BGP identifier to lower or something like
that)?

Dmitry
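The following is an added example, not part of the original post or the list archive: a Python model of the scenario above (an inside peer R1 behind a PAT-only firewall, an outside peer R2) together with the BGP connection-collision rule. The firewall is a simplified stateful model, not a PIX emulation; the addresses, ports and BGP Identifiers are constructed; the collision rule is the one in RFC 4271, section 6.8 (the speaker with the lower BGP Identifier drops the connection it initiated, so the connection opened by the higher Identifier survives). That rule only matters when both TCP connections actually come up; with PAT-only, only the inside-initiated one can.

```python
"""Model of a BGP TCP session through a stateful PAT firewall, and the
BGP connection-collision rule (RFC 4271, section 6.8). Added example,
not from the original post; the firewall is a simplified model, not a
PIX emulation. Addresses and BGP Identifiers below are constructed."""
from dataclasses import dataclass, field

BGP_PORT = 179


@dataclass
class Peer:
    name: str
    ip: str
    bgp_id: int  # BGP Identifier (router ID), an unsigned 32-bit value


@dataclass
class PatFirewall:
    """PAT-only firewall: inside hosts are rewritten to outside_ip:port.
    static_to models 'static + access-list permit tcp ... eq 179' for one
    inside router; empty string means no inbound permit exists."""
    outside_ip: str
    static_to: str = ""
    next_port: int = 1024
    xlate: dict = field(default_factory=dict)  # outside port -> (inside ip, port)
    log: list = field(default_factory=list)

    def from_inside(self, src_ip, src_port, dst_ip, dst_port):
        """Inside-initiated SYN: allocate a translation slot and forward."""
        port = self.next_port
        self.next_port += 1
        self.xlate[port] = (src_ip, src_port)
        self.log.append(f"xlate {src_ip}:{src_port} -> {self.outside_ip}:{port}")
        return (self.outside_ip, port, dst_ip, dst_port)

    def from_outside(self, src_ip, src_port, dst_ip, dst_port, syn):
        """Outside packet: pass only if it is return traffic for an existing
        slot, or an inbound SYN that an explicit static/permit allows."""
        if not syn and dst_ip == self.outside_ip and dst_port in self.xlate:
            in_ip, in_port = self.xlate[dst_port]
            return (src_ip, src_port, in_ip, in_port)
        if syn and self.static_to:
            return (src_ip, src_port, self.static_to, dst_port)
        self.log.append(f"drop SYN {src_ip}:{src_port} -> {dst_ip}:{dst_port}: "
                        "no xlate, no permit")
        return None


def try_bgp_session(fw, initiator, responder, initiator_inside):
    """Attempt one TCP connection to port 179; True if it completes.
    Only SYN and SYN-ACK are modelled: once the slot exists the session is
    bidirectional, so OPEN/KEEPALIVE/UPDATE flow both ways over it."""
    if initiator_inside:
        fwd = fw.from_inside(initiator.ip, 40000, responder.ip, BGP_PORT)
        # The responder answers the translated address; the slot matches it.
        back = fw.from_outside(responder.ip, BGP_PORT, fwd[0], fwd[1], syn=False)
        return back is not None
    fwd = fw.from_outside(initiator.ip, 40001, fw.outside_ip, BGP_PORT, syn=True)
    return fwd is not None


def collision_survivor(local, remote):
    """RFC 4271 s6.8: on a collision the speaker with the lower BGP Identifier
    closes the connection it initiated and accepts the remote-initiated one.
    Returns the peer whose initiated connection is kept (IDs are never equal
    on a valid configuration)."""
    return remote if local.bgp_id < remote.bgp_id else local


def run_scenario(inbound_static):
    """Both peers try to connect; report which attempts succeed and which
    connection ends up carrying the session."""
    r1 = Peer("R1", "10.0.0.1", 0x0A000001)   # inside, ID 10.0.0.1 (constructed)
    r2 = Peer("R2", "192.0.2.2", 0xC0000202)  # outside, ID 192.0.2.2 (constructed)
    fw = PatFirewall(outside_ip="192.0.2.1",
                     static_to="10.0.0.1" if inbound_static else "")
    r1_initiated = try_bgp_session(fw, r1, r2, initiator_inside=True)
    r2_initiated = try_bgp_session(fw, r2, r1, initiator_inside=False)
    if r1_initiated and r2_initiated:
        # Both TCP connections exist: BGP collision detection keeps one.
        kept = collision_survivor(r1, r2).name
    else:
        kept = "R1" if r1_initiated else ("R2" if r2_initiated else None)
    return {"r1_initiated": r1_initiated, "r2_initiated": r2_initiated,
            "session_initiator": kept, "log": fw.log}


if __name__ == "__main__":
    for static in (False, True):
        print("with static/permit" if static else "PAT only", run_scenario(static))
```

Two practical consequences follow from the model. Because PAT rewrites R1's source address to the firewall's outside address, R2's neighbor statement must name that outside address, not R1's real one, or R2 will reject the OPEN as coming from an unconfigured peer; R1 keeps R2's real address. And TCP MD5 signatures (RFC 2385) are computed over the IP pseudo-header, so any address translation on the path breaks them.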



This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:54 GMT-3