Re: BGP MD5 logs

From: Narbik Kocharians <narbikk_at_gmail.com>
Date: Wed, 25 Aug 2010 03:55:10 +1000

Guys, I have seen authentication fail even when the passwords are configured
correctly between two or more routers connected to the same multiaccess
segment. What I have done in the past to fix the problem is to remove the
authentication and reapply it. You see more authentication errors when you
configure peer-groups or templates. I have seen these on 12.4T and even
earlier codes.

On Tue, Aug 24, 2010 at 8:20 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:

> Hi,
>
> If all the above suggestions do not work, then is there an ASA firewall or
> IPS device inline between the 2 pairs?
>
> By default, the ASA firewall will clear the TCP options that carry this
> authentication information - therefore one neighbor will always complain of
> no authentication from the other neighbor. Below is a link with a good
> configuration example on how to resolve this.
>
>
> http://www.packetslave.com/2009/07/12/bgp-through-an-asa-with-authentication/
>
> By default, IIRC the IPS also has a signature that clears the TCP options
> just the same way the ASA does. For this, either remove option 19 from the
> signature in question, or disable the signature altogether to enable your
> authentication information to be carried across.
>
> Hope that's somewhat helpful.
>
> Sadiq
>
> On Tue, Aug 24, 2010 at 5:35 AM, Bryan <deadheadblues_at_gmail.com> wrote:
>
> > Masroor,
> >
> > Notice the packet is an RST. This happens on the old TCP connection
> > when the BGP peer comes up on a new TCP connection with
> > authentication.
> >
> > Do "show tcp brief" to see a list of TCP connections then kill the old
> > one that is still hanging around. You will see a line corresponding to
> > port 179 that is likely in the TIME_WAIT stage or something similar.
> > Clear this one with "clear tcp tcb #######".
> >
> > This happens with BGP and LDP because they both use TCP.
> >
> > On Mon, Aug 23, 2010 at 7:35 PM, masroor ali <masror.ali_at_gmail.com> wrote:
> > > Hi,
> > >
> > > I am getting these logs even having same passwords on both sides, any
> > > idea how to configure MD5 in BGP??
> > >
> > > %TCP-6-BADAUTH: No MD5 digest from 192.10.1.254(179) to 192.10.1.10(33278) (RST)
> > > --
> > > Regards,
> > > Masroor Ali
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> CCIEx2 (R&S|Sec) #19963

-- 
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
Training And Remote Racks available
Received on Wed Aug 25 2010 - 03:55:10 ART

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:53 ART
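
Added example, not part of the original thread: a small Python check for the two things the replies discuss, namely whether a %TCP-6-BADAUTH line reports a missing or a mismatched digest, and whether a captured TCP header still carries option 19 after passing an inline device. The function names and the two sample headers are constructed for illustration; the log line is the one quoted in the thread.

```python
import re
import struct

# IOS logs "No MD5 digest" when a segment arrives without TCP option 19 and
# "Invalid MD5 digest" when the option is present but does not verify.
BADAUTH = re.compile(
    r"%TCP-6-BADAUTH: (No|Invalid) MD5 digest from "
    r"(\S+)\((\d+)\) to (\S+)\((\d+)\)(?:\s*\((RST)\))?")

def classify_badauth(line):
    m = BADAUTH.search(line)
    if not m:
        return None
    kind, src, sport, dst, dport, rst = m.groups()
    return {"option_seen": kind == "Invalid", "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "rst": rst is not None}

def tcp_option_kinds(tcp_header):
    """List the option kinds carried in a raw TCP header (bytes)."""
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad TCP data offset")
    opts, kinds, i = tcp_header[20:data_offset], [], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the list
        if opts[i] == 1:                       # NOP is a single byte
            kinds.append(1)
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("truncated TCP option")
        kinds.append(opts[i])
        i += opts[i + 1]
    return kinds

def has_md5_option(tcp_header):
    return 19 in tcp_option_kinds(tcp_header)  # kind 19 = TCP MD5 signature

def build_header(options):
    """Constructed sample: SYN from port 33278 to 179 with the given options."""
    options += b"\x00" * (-len(options) % 4)
    off_flags = ((20 + len(options)) // 4 << 12) | 0x002
    return struct.pack("!HHIIHHHH", 33278, 179, 1, 0, off_flags, 16384, 0, 0) + options

# Constructed inputs: the log line quoted in the thread and two sample headers.
LOG = "%TCP-6-BADAUTH: No MD5 digest from 192.10.1.254(179) to 192.10.1.10(33278) (RST)"
MSS = b"\x02\x04\x05\xb4"
SIGNED = build_header(MSS + b"\x13\x12" + b"\xaa" * 16)   # kind 19, length 18
STRIPPED = build_header(MSS + b"\x01" * 18)               # option cleared (NOP fill assumed)
```

Running `has_md5_option` on the same segment captured on each side of the firewall or IPS shows whether the option is being removed in transit, which matches a "No MD5 digest" log rather than a password mismatch.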