Core Issue
he PIX Firewall is a perimeter security device that protects the devices on the private network from external attacks. The PIX uses the Adaptive Security Algorithm (ASA) to determine if traffic arriving at an interface should be allowed through. By default, traffic initiated by a device on a lower security interface and destined to a device on a higher security interface is denied by the PIX. The routers on the lower security interface are not able to initiate a Border Gateway Protocol (BGP) session with the routers on the higher security interface.
Resolution
The default behaviour of the ASA can be modified to allow BGP routers on the lower security interfaces to initiate BGP sessions with routers on the higher security interfaces. This is achieved by explicitly permitting the TCP port 179 traffic between the two devices by configuring an Access Control List (ACL) and binding it to the outside interface. To create an ACL, issue the access-list command in the configuration mode. To bind the ACL to an interface, issue the access-group command and use the in keyword to specify that the statement applies to traffic entering the interface.
For more information and configurations, refer Sample Configurations of BGP across a PIX Firewall.