BGP Config through PIX

rhltechie · ‎08-11-2006

Hi All,

I got some help on this a while back, but need a little more.

I am running a ebgp session from my internet router through my pix to my core router. I am using loopback addresses. I can ping the loopback of the core from the internet router but not vice versa, should i even be able to? when i try from the core i see the logs say something along the lines of not allowing spoofing. Is this normal? Is there any way for me to test to make sure the bgp traffic will flow without putting the bgp config in place as of yet?

TIA,

R

vijayasankar · ‎08-11-2006

Hi,

If you could provide some more details of the setup ( network diagram, device details..etc)it would be better to assist.

However you can have the following points ensured..

1) For the BGP session to be able to establish across a firewall, you need to ensure that Port TCP 179 is opened in the firewall for the BGP peers.

2) You need to check the firewall for how ping is allowed in the policies.

3) IP Spoofing means, an ip packet is received on a interface, from where it is not supposed to be. Basically the source IP Address of the packet is checked to ensure that only known/valid addresses are coming via that interface.

Checking this would require a fair idea of your setup.

HTH

-VJ