Re: bgp problem

From: WorkerBee (ciscobee@gmail.com)
Date: Mon Oct 23 2006 - 01:36:46 ART

• Next message: Ryan: "What are fair assumptions about practice labs?"
• Previous message: Edouard Zorrilla: "Re: bgp problem"
• Maybe in reply to: emmanuel daniel: "bgp problem"
• Next in thread: emmanuel daniel: "Re: bgp problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You can refer to Yusuf Security Practise Labs Ciscopress Pg 11, Section 2.5.2.

The solution is given on Pg 20 using ACL.

The outside ACL is redundant but the inside ACL is a must.

Yeah.....NDA :x

On 10/23/06, Edouard Zorrilla <ezorrilla@tsf.com.pe> wrote:
> Sir Bee,
>
> Why did you put this line:
>
> ACL inside
> deny tcp host R1_Lo host R2_Lo eq 179
>
> ?
>
> Thanks
>
> ----- Original Message -----
> From: "WorkerBee" <ciscobee@gmail.com>
> To: "emmanuel daniel" <emmanueldan@gmail.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Sunday, October 22, 2006 11:05 PM
> Subject: Re: bgp problem
>
>
> > You can force R2 to initial the BGP peering by applying ACL to the PIX
> > interfaces:
> >
> > ACL inside
> > deny tcp host R1_Lo host R2_Lo eq 179
> >
> > ACL outside
> > permit tcp host R2_Lo host R1_Lo eq 179
> >
> > Hence, the ACL will force the peering R1 (179) <--------> R2 (High Port).
> >
> >
> >
> > On 10/23/06, emmanuel daniel <emmanueldan@gmail.com> wrote:
> >> Hi
> >>
> >> I took my sec exam last week and i couldnt pass mainly i got less points
> >> in
> >> bgp. i Wantt to know where i screwed up can any one help me out here is
> >> my
> >> problem the qustion was some what similar to this
> >>
> >>
> >> R1 e0/0 183.1.123.1 -------- (inside 183.1.123.10) pix (outside
> >> 183.1.124.10
> >> )---------183.1.124.2 e0/0 r2
> >> lo 150.100.1.1
> >> lo
> >> 150.100.2.2
> >> (BGP AS
> >> 54)
> >> (BGP AS 55)
> >>
> >> the question is r1 which is bgp as 54 wants make an ebgp peering with r2
> >> with is in as 55. using thee loopbacks and make the peering such that r1
> >> always uses a foreign port of 179. i thought its given just to confuse
> >> me
> >> and i didnt solve it bec default bgp port is 179.
> >>
> >>
> >> Regards
> >> Emmanuel.
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Ryan: "What are fair assumptions about practice labs?"
• Previous message: Edouard Zorrilla: "Re: bgp problem"
• Maybe in reply to: emmanuel daniel: "bgp problem"
• Next in thread: emmanuel daniel: "Re: bgp problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:06 ART