cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8283
Views
10
Helpful
6
Replies

Enable Inbound soft reconfiguration on ASA

Nvelu
Level 1
Level 1

I am getting the following error message when tried to see the received routes from BGP neighbour. 

I have Cisco ASA 5555  running on 9.3(3). 

 

ciscoasa# sh bgp neighbors <peer IP address> received-routes

% Inbound soft reconfiguration not enabled on <peer ip address>

 

Please guide me to enable inbound soft to bgp neighbor on ASA

1 Accepted Solution

Accepted Solutions

Hi, 

 

Sorry, I have shared the command for a router. But ASA is not implemented yet till to 9.6. I didn't find in it.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/route-bgp.html

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

6 Replies 6

Deepak Kumar
VIP Alumni
VIP Alumni

Hi,

I think you need to configure an extra command as: neighbor {ip-address | peer-group-name} soft-reconfiguratio[inbound]

 

But make sure, you must read its advantage and disadvantage.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Hi Deepak Kumar,

 

Thanks for the response. I tried to enable soft configuration to the peer but i do not see any option/configuration to enable.

Sorry that i copy paste the options available in the cli but i just want to show what are available

 

ciscoasa(config-router-af)# neighbor 172.31.184.1 ?

 

bgp address-family mode commands/options:

 

activate                                     Enable the Address Family for this Neighbor
advertise-map                          specify route-map for conditional advertisement
advertisement-interval               Minimum interval between sending BGP routing updates
default-originate                       Originate default route to this neighbor
description                                Neighbor specific description
disable-connected-check         one-hop away EBGP peer using loopback address
distribute-list                             Filter updates to/from this neighbor
ebgp-multihop                          Allow EBGP neighbors not on directly connected
networks
filter-list                                    Establish BGP filters
ha-mode                                  high availability mode
local-as                                   Specify a local-as number
maximum-prefix                      Maximum number of prefixes accepted from this peer
next-hop-self                          Disable the next hop calculation for this neighbor
password                               Set a password
prefix-list                               Filter updates to/from this neighbor
remote-as                             Specify a BGP neighbor
remove-private-as                  Remove private AS number from outbound updates
route-map                             Apply route map to neighbor
send-community                    Send Community attribute to this neighbor
shutdown                                 Administratively shut down this neighbor
timers                                      BGP per neighbor timers
transport                                 Transport options
ttl-security                               BGP ttl security check
version                                     Set the BGP version to match a neighbor
weight                                     Set default weight for routes from this neighbor

Hi, 

 

Sorry, I have shared the command for a router. But ASA is not implemented yet till to 9.6. I didn't find in it.

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/route-bgp.html

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Although documentation states that this command was introduced in version 9.2(1), it would seem that this specific command has not yet been implemented.  Unfortunately I do not have an ASA running higher version in my lab for testing.

--
Please remember to select a correct answer and rate helpful posts

Jesse Peden
Level 1
Level 1

As of ASA OS version 9.14(1), BGP soft-reconfiguration is still not present, for anyone wondering if it was eventually added.  I can only guess that this was intentional as a security measure, so administrators would notice a BGP session being cleared to accept new routes rather than it being semi-transparent and potentially causing a security concern by accepting traffic from an unintended network (such as in the case of not using a route-map or prefix-list to filter out unwanted networks).

Ñnate
Level 1
Level 1

I am using ASA 9.14 on a 2K device and you can use "show bgp neighbors x.x.x.x  routes" to see your received routes. 

Review Cisco Networking for a $25 gift card