RE: BGP through PIX Question

From: Lab Rat #109385382 (techlist01@gmail.com)
Date: Tue Dec 12 2006 - 04:47:04 ART

• Next message: Ian Blaney: "multicast over frame relay"
• Previous message: Jens Petter: "RE: BGP through PIX Question"
• Maybe in reply to: Lab Rat #109385382: "BGP through PIX Question"
• Next in thread: Petr Lapukhov: "Re: BGP through PIX Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ok, here's the scenario...how do you establish BGP peers between a Cisco
12000 GSR in Asia using a private loopback address to a DLink SOHO router
located in the US, knowing exactly how many hops away it was and using the
multihop command to reflect this hop count? There are exactly 5 PIXs on the
path between the peers and they're doing static and policy-based nat on
each. Oh, and the connection between the two routers must run over a
GRE-encrypted tunnel using the NAT from the loopback interface to the public
interface.

Oh, and finally, the routers are powered off...

Now, establish a BGP session between them...

I think Jens Petter should just go lab it up...after all, the best way to
learn is to simply lab it up...don't ask direct questions about a particular
scenario, that's stupid, and no way to learn! We should fantasize about the
most complicated scenario imaginable and try to figure it out, because
that's what might be on the CCIE lab!

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jens
Petter
Sent: Monday, December 11, 2006 9:46 PM
To: 'christianus sandjaja'; 'Petr Lapukhov'
Cc: ccielab@groupstudy.com; security@groupstudy.com
Subject: RE: BGP through PIX Question

I would agree with this. But the problem is general... it will be there if
you also had 10 routeres between the bgp peers.. no pix..

 
Mvh
Jens Petter Eikeland
Mob 98247550
Hipercom AS

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
christianus sandjaja
Sent: 12. desember 2006 05:28
To: Petr Lapukhov
Cc: ccielab@groupstudy.com; security@groupstudy.com
Subject: Re: BGP through PIX Question

How about something like this one :

interface loopback0
 ip address
152.1.30.1 255.255.255.0

router bgp 1
no synchronization
bgp router-id
1.1.1.1
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 2
neighbor 2.2.2.2
password CISCO
neighbor 2.2.2.2 ebgp-multihop 5
no auto-summary

ip route
0.0.0.0 .0.0.0.0 to PIX inside address

pix
static (inside,outside) 1.1.1.1
152.1.30.1 netmask 255.255.255.255 norandomseq static (outside,inside)
2.2.2.2
152.1.1.1 netmask 255.255.255.255 norandomseq

R2
interface Loopback0
ip
address 152.1.1.1 255.255.255.0

router bgp 2
no synchronization
bgp router-id
2.2.2.2
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1
ebgp-multihop 5
neighbor 1.1.1.1 password CISCO
no auto-summary

But of course
its need 2 static entry on the PIX

CMIIW

Thanks

Chris

• Next message: Ian Blaney: "multicast over frame relay"
• Previous message: Jens Petter: "RE: BGP through PIX Question"
• Maybe in reply to: Lab Rat #109385382: "BGP through PIX Question"
• Next in thread: Petr Lapukhov: "Re: BGP through PIX Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:37 ART