Re: BGP through PIX Question

From: Nick Griffin (nick.jon.griffin@gmail.com)
Date: Mon Dec 11 2006 - 18:48:41 ART


The BGP default route issue doesn't apply to just this scenario, but to peering
in general; you need something more specific than a default.

On 12/8/06, Lab Rat #109385382 <techlist01@gmail.com> wrote:
>
> If I had a requirement to only allow a router inside of a PIX to initiate a
> BGP connection to a router outside of the PIX, what could some of the
> possibilities be?
>
> I'm trying to determine where the controls should be, as well. I know there
> are certain things a router can do to initiate a BGP session and I know that
> the PIX can control who begins what, as well...
>
> So, I'm thinking one of the following:
>
> 1. Set inside router with lower BGP router-id than the outside router
> 2. Use Policy NAT on the PIX (e.g. nat (inside) 1 access-list XX)
>
> I guess from a lab perspective, I'm trying to determine the best
> practice...anyone have thoughts?
>
> Thanks,
>
> Ed
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:37 ART