Re: getting MD5 BGP to work through ASA 7.2

From: Reddy Ramasani (reddy545454@yahoo.com)
Date: Fri Jan 26 2007 - 05:01:45 ART

• Next message: gwendel@gregw.biz: "Re: getting MD5 BGP to work through ASA 7.2"
• Previous message: gwendel@gregw.biz: "Re: getting MD5 BGP to work through ASA 7.2"
• Maybe in reply to: Reddy Ramasani: "getting MD5 BGP to work through ASA 7.2"
• Next in thread: gwendel@gregw.biz: "Re: getting MD5 BGP to work through ASA 7.2"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

yes, I can ping. If I remove "neighbor password" my neighbors come up. I can telnet to port 179. Yes, here's the configuration:
   
  BLUE:
  router bgp 1
 neighbor 192.168.0.1 remote-as 4
 neighbor 192.168.0.1 password cisco
 neighbor 192.168.0.1 ebgp-multihop 100

  RED:
  router bgp 4
 neighbor 200.200.200.1 remote-as 1
 neighbor 200.200.200.1 password cisco
 neighbor 200.200.200.1 ebgp-multihop 100

ASA in the middle:
  static (inside,outside) 192.168.0.1 192.168.0.1 netmask 255.255.255.255 norandomseq
  nat (inside) 0 0.0.0.0 0.0.0.0
  !
  access-list OUTSIDE_IN extended permit ip any any
access-group OUTSIDE_IN in interface outside

   
  
gwendel@gregw.biz wrote:
  couple of questions:
can you ping each peer from each other?
can you telnet to port 179?
can you post a sanitized configuration?
can you try permit tcp any any eq bgp on both interfaces?

I can get you an example of a working config if you need one.

> i actually tried that, and it still doesn't work
>
> gwendel@gregw.biz wrote: You need to use the norandomseq keyword on the
> pix/asa.
>
>> Hi, I'm try setup a BGP neihbor with MD5 password through ASA firewall,
>> and it failing for me.
>>
>> BLUE#
>> 16:44:20: %TCP-6-BADAUTH: No MD5 digest from 192.168.0.1(54052) to
>> 200.200.200.1(179)
>>
>> am I doing something wrong?
>>
>> It works good without MD5 and it works if I remove ASA firewall and add
>> MD5 password. I'm going nuts here!!
>>
>> Thanks
>> Reddy
>>
>>
>> ---------------------------------
>> Now that's room service! Choose from over 150,000 hotels
>> in 45,000 destinations on Yahoo! Travel to find your fit.
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>
>
>
>
> ---------------------------------
> Looking for earth-friendly autos?
> Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

 
---------------------------------
Food fight? Enjoy some healthy debate
in the Yahoo! Answers Food & Drink Q&A.

• Next message: gwendel@gregw.biz: "Re: getting MD5 BGP to work through ASA 7.2"
• Previous message: gwendel@gregw.biz: "Re: getting MD5 BGP to work through ASA 7.2"
• Maybe in reply to: Reddy Ramasani: "getting MD5 BGP to work through ASA 7.2"
• Next in thread: gwendel@gregw.biz: "Re: getting MD5 BGP to work through ASA 7.2"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:57 ART