From: Stefan Grey (examplebrain@hotmail.com)
Date: Sat Jul 15 2006 - 11:54:36 ART
When I configured an IBGP session between two routers with the PIX in between,
I configured the static (inside) 172.16.2.2 172.16.2.2 command and didn't add
the nonrandomseq statement. Well, there is authentication. I use the neighbor
172.16.2.2 key cciesec command.
And the peers authenticate just OK. Is this not normal behaviour? If normal,
why then use nonrandomseq??
>From: "Jens Petter" <jenseike@start.no>
>Reply-To: "Jens Petter" <jenseike@start.no>
>To: "'Stefan Grey'" <examplebrain@hotmail.com>, <ccielab@groupstudy.com>
>Subject: RE: Pix, static command and nonrandomseq
>Date: Sat, 15 Jul 2006 15:52:15 +0200
>
>If you are using MD5 hashing password authentication with your BGP peering
>through the PIX, you would need to disable random sequencing. The hash number
>is included in the TCP packet header option field. The PIX is by default
>offsetting the sequence number by a random value. BGP peers with TCP use the
>original sequence number to make a 128-bit hash value. If you do not disable
>this, the other BGP peer would fail that authentication.
>
>For ordinary peering through the PIX without authentication you don't need to
>disable this feature, and you should not...
>
>Jens Petter
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Stefan Grey
>Sent: 15. juli 2006 14:21
>To: ccielab@groupstudy.com
>Subject: Pix, static command and nonrandomseq
>
>Why is this nonrandomseq added at the end of the static command when we
>configure BGP through the PIX?
>
>I read that it is used for some security. Why is it used with BGP?? (Why
>don't we use it in other cases and why use it in the case of using BGP)??
>
>Thanks,
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:47 ART
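
The mechanism described in the quoted reply, as an added example that is not part of the original thread: a Python sketch of the RFC 2385 TCP MD5 digest, showing that a device which shifts the sequence number without recomputing the option makes the receiver's check fail. The source address, ports, sequence values and helper names are constructed for illustration; only 172.16.2.2 and the key cciesec come from the thread.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"cciesec"  # shared key from the thread's neighbor statement

# Constructed sample SYN; only 172.16.2.2 appears in the thread.
SYN = {"src": "172.16.1.1", "dst": "172.16.2.2", "sport": 11000, "dport": 179,
       "seq": 1000, "ack": 0, "flags": 0x02, "window": 16384, "payload": b""}

def rfc2385_digest(seg, key, data_offset=10):
    """MD5 over pseudo-header, TCP header without options (checksum 0), data, key.

    data_offset=10 assumes a 20-byte header plus the 18-byte MD5 option and
    2 bytes of padding; the option bytes themselves are not hashed.
    """
    seg_len = data_offset * 4 + len(seg["payload"])
    pseudo = (socket.inet_aton(seg["src"]) + socket.inet_aton(seg["dst"])
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    header = struct.pack("!HHIIHHHH", seg["sport"], seg["dport"], seg["seq"],
                         seg["ack"], (data_offset << 12) | seg["flags"],
                         seg["window"], 0, 0)  # checksum zeroed; urgent 0 here
    return hashlib.md5(pseudo + header + seg["payload"] + key).digest()

def sign(seg, key):
    """Sender side: attach the 16-byte digest as the MD5 option value."""
    return dict(seg, md5=rfc2385_digest(seg, key))

def offset_seq(seg, offset):
    """Model of a firewall shifting the sequence number but not the option."""
    return dict(seg, seq=(seg["seq"] + offset) % 2**32)

def receiver_accepts(seg, key):
    """Receiver side: recompute from the fields as received and compare."""
    return hmac.compare_digest(seg["md5"], rfc2385_digest(seg, key))

if __name__ == "__main__":
    signed = sign(SYN, KEY)
    print("unmodified segment accepted:", receiver_accepts(signed, KEY))
    print("after sequence offset accepted:",
          receiver_accepts(offset_seq(signed, 0x5A5A5A5A), KEY))
```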