https://community.cisco.com/t5/network-security/asa-multi-context-and-bgp/m-p/3053934#M135782 <P>Thanks for the suggestion, although not the exact problem, I realized I had the wrong third octet in my neighbor statement. So, with no connected network in the incorrect neighbor subnet, must have kept the ASA from enabling BGP at all. Nice.</P> Mon, 08 May 2017 19:41:24 GMT Daniel Smith 2017-05-08T19:41:24Z https://community.cisco.com/t5/network-security/asa-multi-context-and-bgp/m-p/3053932#M135776 <P>We need to run BGP with a third party (their requirement), so that we will dynamically lose their routes over a link if some component fails. From what I have seen, it is necessary to configure router bgp NN in the system context, then in the admin context; and finally in the specific context where it is needed. I may be wrong on needing it in the admin context, that just happened to be the example that I found online. At any rate, having configured the protocol, I notice that the neighbor never goes Active, always remaining in Idle mode. Further checking indicates that the firewall is not listening on tcp/179 for BGP:</P> <P></P> <P>FW26-multiple/fw26tsnfw3/act# show asp table socket<BR /><BR /><BR />Protocol&nbsp;&nbsp; Socket&nbsp;&nbsp;&nbsp; State&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Local Address&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Foreign Address<BR />TCP&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 00031008&nbsp; LISTEN&nbsp;&nbsp;&nbsp;&nbsp; 10.41.11.36:22&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0.0.0.0:*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</P> <P></P> <P>Here is the config in the actual fw context where it is needed (this is lab set up):</P> <P><BR />!<BR />router bgp 26<BR />&nbsp;bgp router-id 10.1.1.1<BR />&nbsp;address-family ipv4 unicast<BR />&nbsp; neighbor 10.41.78.11 remote-as 11<BR />&nbsp; neighbor 10.41.78.11 activate<BR />&nbsp; neighbor 10.41.78.11 prefix-list routesfromxxx in<BR />&nbsp; no auto-summary<BR />&nbsp; no synchronization<BR />&nbsp;exit-address-family<BR />!<BR />FW26-multiple/fw26tsnfw3/act#</P> <P>I wonder if I am missing some magic configuration to turn this on?</P> <P></P> <P></P> <P></P> <P></P> <P></P> <P></P> <P></P> Tue, 12 Mar 2019 09:19:57 GMT https://community.cisco.com/t5/network-security/asa-multi-context-and-bgp/m-p/3053932#M135776 Daniel Smith 2019-03-12T09:19:57Z https://community.cisco.com/t5/network-security/asa-multi-context-and-bgp/m-p/3053933#M135778 <P>Try following command</P> <P></P> <P><SPAN>router bgp 26</SPAN><BR /><SPAN>&nbsp;address-family ipv4 unicast</SPAN><BR /><SPAN>&nbsp; <STRONG>neighbor 10.41.78.11 ebgp-multihop 5</STRONG></SPAN></P> Mon, 08 May 2017 18:46:22 GMT https://community.cisco.com/t5/network-security/asa-multi-context-and-bgp/m-p/3053933#M135778 Ashish Jhaldiyal 2017-05-08T18:46:22Z https://community.cisco.com/t5/network-security/asa-multi-context-and-bgp/m-p/3053934#M135782 <P>Thanks for the suggestion, although not the exact problem, I realized I had the wrong third octet in my neighbor statement. So, with no connected network in the incorrect neighbor subnet, must have kept the ASA from enabling BGP at all. Nice.</P> Mon, 08 May 2017 19:41:24 GMT https://community.cisco.com/t5/network-security/asa-multi-context-and-bgp/m-p/3053934#M135782 Daniel Smith 2017-05-08T19:41:24Z https://community.cisco.com/t5/network-security/asa-multi-context-and-bgp/m-p/3053935#M135784 <P>Did you actually test this, Ashish?</P> Mon, 15 May 2017 15:41:08 GMT https://community.cisco.com/t5/network-security/asa-multi-context-and-bgp/m-p/3053935#M135784 abdulhmalik 2017-05-15T15:41:08Z