RE: Pix, static command and nonrandomseq

From: Jens Petter (jenseike@start.no)
Date: Sat Jul 15 2006 - 10:52:15 ART


If you are using MD5 hashing password authentication with your BGP peering
through the PIX, you would need to disable random sequencing. The hash number
is included in the TCP packet header option field. The PIX is by default
offsetting the sequence number by a random value. BGP peers with TCP use the
original sequence number to make a 128-bit hash value. If you do not disable
this, the other BGP peer would fail that authentication.

For ordinary peering through the PIX without authentication you don't need to
disable this feature, and you should not...

Jens Petter

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Stefan Grey
Sent: 15. juli 2006 14:21
To: ccielab@groupstudy.com
Subject: Pix, static command and nonrandomseq

Why is this nonrandom seq added at the end of the static command when we
configure BGP through the PIX?

I read that it is used for some security. Why is it used with BGP? (Why
don't we use it in other cases and why use it in case of using BGP?)

Thanks,
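
An added example, not part of the original posts: a Python sketch of the RFC 2385 TCP MD5 signature computation, showing why a device that shifts the sequence number without knowing the key causes the receiving BGP peer to reject the segment. The addresses, ports, key, sequence offset and option padding layout are constructed or assumed values.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
OPT_LEN = 20  # assumed layout: 18-byte MD5 option (kind 19) + 2 bytes of padding


def tcp_md5_digest(seg, key):
    """RFC 2385 digest over pseudo-header, TCP header without options
    (checksum zeroed), segment data, then the shared key."""
    seg_len = 20 + OPT_LEN + len(seg["data"])
    pseudo = (socket.inet_aton(seg["src"]) + socket.inet_aton(seg["dst"])
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    header = struct.pack("!HHIIBBHHH", seg["sport"], seg["dport"],
                         seg["seq"], seg["ack"],
                         ((20 + OPT_LEN) // 4) << 4, seg["flags"],
                         seg["window"], 0, 0)  # checksum 0, urgent pointer 0
    return hashlib.md5(pseudo + header + seg["data"] + key).digest()


def sign(seg, key):
    """Sender side: attach the 128-bit digest as the MD5 option value."""
    return dict(seg, md5=tcp_md5_digest(seg, key))


def randomize_seq(seg, offset):
    """What a sequence-randomizing firewall does: shift seq, leave the
    MD5 option alone (it has no key to recompute it)."""
    return dict(seg, seq=(seg["seq"] + offset) & 0xFFFFFFFF)


def receiver_accepts(seg, key):
    """Receiver side: recompute the digest from the header as received."""
    return hmac.compare_digest(tcp_md5_digest(seg, key), seg["md5"])


# Constructed sample values (documentation addresses, made-up key).
KEY = b"example-bgp-key"
SYN = {"src": "192.0.2.1", "dst": "198.51.100.2", "sport": 40000,
       "dport": 179, "seq": 1000, "ack": 0, "flags": 0x02,
       "window": 16384, "data": b""}

if __name__ == "__main__":
    signed = sign(SYN, KEY)
    print("untouched:", receiver_accepts(signed, KEY))
    print("seq shifted:", receiver_accepts(randomize_seq(signed, 0x1A2B3C4D), KEY))
```

The TCP checksum is zeroed before hashing, so a middlebox fixing up the checksum does no harm; the sequence number is inside the hashed header, so changing it does.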


