Re: eBGP through PIX Question #2 (static policy nat)

From: tdt_cciesec (tdt_cciesec@yahoo.com)
Date: Tue Dec 12 2006 - 08:41:47 ART


What you're trying to do will NOT work because, if you read the BGP documentation,
the MD5 hash authentication depends on the IP address of the BGP peer as well
(something to that effect). The only way for eBGP authentication to work is:

static (i,o) 1.1.1.1 1.1.1.1 netmask 255.255.255.255 norandomseq

If you have static NAT or policy NAT, eBGP with authentication will not work, period.

Lab Rat #109385382 <techlist01@gmail.com> wrote:

If I do a static policy NAT on the PIX between two eBGP speakers, can I
still authenticate them?

i.e.,

access-list R1R2 permit ip host 1.1.1.1 host 2.2.2.2 (r1 loop to r2 loop)

static (inside,outside) 2.2.2.1 access-list R1R2 norandomseq

It seems that the "norandomseq" is not working for me, because when I remove
the "neighbor password" command on each side, the peering establishes just
fine (otherwise, they stay stuck in ACTIVE).

Is "norandomseq" not supposed to work in a static policy-nat scenario?

Thanks,

Ed

 
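The dependency mentioned in the reply comes from RFC 2385: the TCP MD5 digest covers the pseudo-header (source and destination IP), the TCP header including the sequence number, the segment data and the shared key. The following is an added example, not part of the original thread, that recomputes the digest as the receiving peer would; the addresses are the ones used in the thread, while the key, ports, sequence numbers, option length and the helper names are constructed assumptions.

```python
import hashlib
import socket
import struct

def tcp_md5_digest(src_ip, dst_ip, src_port, dst_port, seq, ack, flags,
                   window, payload, key, opt_len=20):
    """RFC 2385 digest: pseudo-header, TCP header (options excluded,
    checksum zeroed), segment data, then the shared key."""
    hdr_len = 20 + opt_len            # opt_len: 18-byte MD5 option + 2 pad (assumed)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, hdr_len + len(payload)))
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         (hdr_len // 4) << 4, flags, window, 0, 0)
    return hashlib.md5(pseudo + header + payload + key).hexdigest()

def through_firewall(seg, nat_src=None, seq_offset=0):
    """Model the two rewrites discussed in the thread: source NAT and
    initial-sequence-number randomization (seq_offset=0 ~ norandomseq)."""
    out = dict(seg)
    if nat_src:
        out["src_ip"] = nat_src
    out["seq"] = (seg["seq"] + seq_offset) & 0xFFFFFFFF
    return out

def receiver_accepts(sent, seen, key):
    """The digest in the option was computed over `sent`; the peer
    recomputes it over the segment it actually receives (`seen`)."""
    return tcp_md5_digest(**sent, key=key) == tcp_md5_digest(**seen, key=key)

# Constructed sample SYN from R1 (1.1.1.1) to R2 (2.2.2.2); key, ports and ISN are made up.
KEY = b"constructed-bgp-password"
SYN = dict(src_ip="1.1.1.1", dst_ip="2.2.2.2", src_port=11000, dst_port=179,
           seq=1000, ack=0, flags=0x02, window=16384, payload=b"")

if __name__ == "__main__":
    cases = {
        "identity static + norandomseq": through_firewall(SYN),
        "policy NAT to 2.2.2.1, norandomseq": through_firewall(SYN, nat_src="2.2.2.1"),
        "identity static, ISN randomized": through_firewall(SYN, seq_offset=0x5A5A5A5A),
    }
    for name, seen in cases.items():
        print(f"{name}: {'accepted' if receiver_accepts(SYN, seen, KEY) else 'dropped'}")
```

A segment whose digest does not match is discarded by the receiver without a reply, which is consistent with the peers staying in ACTIVE in the question above.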



This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:37 ART