BGP Through PIX Question #2

From: Lab Rat #109385382 (techlist01@gmail.com)
Date: Fri Dec 01 2006 - 03:05:17 ART


I didn't have to configure it on the PIX when first establishing the BGP
peers, but I do the clear xlate on the PIX and all of a sudden I get a bunch
of deny logs on the outside ACL saying that I need to let tcp eq 179
*initiated* from the outside.

For example, "access-list OUTSIDE permit tcp host 1.1.1.1 eq bgp host
2.2.2.2"

What gives? I thought that was an ACL statement for stateless packet
filtering (i.e. a router), not for the PIX...

Why do I see this? Was I always supposed to be doing this? It only
happened after clearing xlate and seeing the authentication go haywire on
one of the BGP peers...

Thanks,

Ed
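A toy model of the behaviour in the question, added here as an example and not code from the original post or from the PIX: while connection state exists, the peer's mid-session segments (source port 179) are permitted by state; after `clear xlate` that state is gone and the same segments fall through to the outside ACL, which is when a line like the quoted `permit tcp host 1.1.1.1 eq bgp host 2.2.2.2` starts to matter. Addresses, the ephemeral port and the firewall semantics are simplified assumptions.

```python
"""Toy model of a stateful firewall's outside interface.  Added example with
constructed addresses; it is not PIX code, only a simplified illustration."""

BGP_PORT = 179
# A packet is the tuple (proto, src, sport, dst, dport).
# An ACL entry is (action, proto, src, sport, dst, dport); a port of None = any.

def acl_match(entry, pkt) -> bool:
    action, proto, src, sport, dst, dport = entry
    return (proto == pkt[0] and src == pkt[1] and dst == pkt[3]
            and sport in (None, pkt[2]) and dport in (None, pkt[4]))

class StatefulFirewall:
    def __init__(self, outside_acl):
        self.outside_acl = list(outside_acl)
        self.conns = set()          # sessions the inside host opened

    def inside_initiates(self, pkt):
        # Outbound SYN builds connection (and xlate) state; the return
        # direction is then permitted by that state, not by the ACL.
        self.conns.add(pkt)

    def clear_xlate(self):
        # 'clear xlate' throws the state away while the TCP session is
        # still alive on both routers.
        self.conns.clear()

    def inbound(self, pkt) -> str:
        proto, src, sport, dst, dport = pkt
        if (proto, dst, dport, src, sport) in self.conns:
            return "permit (state)"
        for entry in self.outside_acl:
            if acl_match(entry, pkt):
                return f"{entry[0]} (acl)"
        return "deny (implicit)"

# The ACL line quoted in the post, as a tuple:
# access-list OUTSIDE permit tcp host 1.1.1.1 eq bgp host 2.2.2.2
PERMIT_PEER = ("permit", "tcp", "1.1.1.1", BGP_PORT, "2.2.2.2", None)

def demo(outside_acl):
    fw = StatefulFirewall(outside_acl)
    # Inside router 2.2.2.2 opens the BGP session to peer 1.1.1.1 (constructed)
    fw.inside_initiates(("tcp", "2.2.2.2", 40000, "1.1.1.1", BGP_PORT))
    keepalive = ("tcp", "1.1.1.1", BGP_PORT, "2.2.2.2", 40000)  # peer -> us, mid-session
    before = fw.inbound(keepalive)
    fw.clear_xlate()
    after = fw.inbound(keepalive)
    return before, after

if __name__ == "__main__":
    print(demo([]))             # ('permit (state)', 'deny (implicit)')
    print(demo([PERMIT_PEER]))  # ('permit (state)', 'permit (acl)')
```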



This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:36 ART