BGP Authentication through FW-1

bjames
Level 5

Hi,

We are having an issue with BGP passing through a CheckPoint Firewall. I won't go into why it's set up like this, but it's a functional design, and BGP works well. The issue is when the MD5 authentication is turned on for BGP the updates to the inside routers fail. Turn off the password, and they work fine again.

I have searched everywhere for someone with a similar issue with no luck. I will be checking the (FW) log files and putting upstream and downstream sniffers in place next week, but I thought I would ask here.

I would bet it's something to do with TCP sequencing randomization...

Thanks

1 Reply

Harold Ritter
Spotlight

The issue is most certainly due to the CheckPoint FW randomizing the TCP initial sequence number. I know the TCP ISN randomization issue exists with the PIX as described in the following Q&A and can easily be taken care of by disabling the randomization for the two peers.

http://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml#twenty-five

I'm not sure if the Checkpoint FW allows you to disable the ISN randomization on a single session.

Hope this helps,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)
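An added example (not from either poster) showing why ISN randomization breaks BGP MD5: the RFC 2385 signature is computed over the TCP pseudo-header and the fixed TCP header, so the sequence number is inside the hashed data. A firewall that rewrites the sequence number cannot re-sign the segment (it has no key), so the inside router's recomputed digest no longer matches. Peer addresses, ports, key and sequence values below are constructed.

```python
import hashlib
import hmac
import socket
import struct

# Constructed example values (not from the thread): two BGP peers and a shared MD5 key.
PEER_A = "192.0.2.1"
PEER_B = "192.0.2.2"
KEY = b"bgp-secret"
BGP_PORT = 179
TCP_PROTO = 6
MD5_OPT_LEN = 20  # 18-byte TCP MD5 option (RFC 2385) padded to a 4-byte boundary
# BGP KEEPALIVE: 16-byte marker of 0xFF, length 19, type 4
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)


def tcp_md5_digest(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, payload, key):
    """RFC 2385 signature: MD5 over pseudo-header, fixed TCP header (checksum zeroed,
    options excluded, data offset still counting the options), segment data, then key."""
    seg_len = 20 + MD5_OPT_LEN + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, seg_len))
    data_offset = (20 + MD5_OPT_LEN) // 4  # header length in 32-bit words
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         data_offset << 4, flags, 65535, 0, 0)
    return hashlib.md5(pseudo + header + payload + key).digest()


def receiver_accepts(digest_in_option, src_ip, dst_ip, src_port, dst_port,
                     seq, ack, flags, payload, key):
    """What the inside router does: recompute the digest over the segment as it
    actually arrived and compare it with the digest carried in the TCP option."""
    expected = tcp_md5_digest(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, payload, key)
    return hmac.compare_digest(expected, digest_in_option)


def keepalive_accepted_after_isn_shift(isn_offset):
    """Sign a KEEPALIVE on the outside peer, shift its sequence number the way a
    firewall doing ISN randomization would, and report whether the inside peer accepts it.
    An offset of 0 models the firewall leaving the ISN alone (randomization disabled)."""
    seq, ack, flags = 1000, 5000, 0x18  # PSH|ACK
    signed = tcp_md5_digest(PEER_A, PEER_B, 40000, BGP_PORT, seq, ack, flags, KEEPALIVE, KEY)
    # The firewall rewrites seq but cannot re-sign: it does not hold the MD5 key.
    rewritten_seq = (seq + isn_offset) & 0xFFFFFFFF
    return receiver_accepts(signed, PEER_A, PEER_B, 40000, BGP_PORT,
                            rewritten_seq, ack, flags, KEEPALIVE, KEY)
```

The same reasoning applies to the ACK numbers the firewall has to rewrite in the return direction, which is why disabling ISN randomization for the two peers is the usual fix.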