604 Views, 4 Helpful, 4 Replies

BGP through pix

rhltechie
Level 1

Hi All,

I will be running eBGP through my PIX to routers on each side, peering between the loopbacks of these routers. What must I enter in my PIX config to allow these two routers to exchange routes via BGP using their loopbacks? I have tried just allowing the port, but this does not seem to work. Can someone give me an example config?

TIA,

R

4 Replies

atif.awan
Level 3

BGP runs on TCP 179 so as long as you have that allowed and the addresses are reachable (proper static statements) you should be ok. Here is a link that will help you out:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009487d.shtml

I think I had the static routes needed confused. This example helped out a lot.

One thing I am not sure about on the site you gave is the pix config that states the following:

nat (inside) 0 0.0.0.0 0.0.0.0 0 0
!--- No NAT translation, to allow Router11 on the inside to initiate a BGP session
!--- to Router12 on the outside of PIX.
static (inside,outside) 172.16.11.1 172.16.11.1 netmask 255.255.255.255
!--- Static NAT translation, to allow Router12 on the outside to initiate a BGP session
!--- to Router11 on the inside of PIX.

Do I need to add the static NAT translation as it states, since I do run NAT on the PIX in between these routers?

Just remember to use "norandomseq" keyword on the static statement on the PIX if you are going to use MD5 authentication on the BGP session.

Please refer to the following document for more information:

http://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml#twenty-five

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

The static NAT translation is required in order for a router on the less secure side of the PIX to initiate a TCP session with a router on the more secure side. Also keep in mind the suggestion by Harold on the use of the norandomseq parameter with the static command.
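As an added illustration of why Harold's norandomseq advice matters (this is not code from the thread or from the Cisco document): RFC 2385 computes the BGP MD5 signature over the TCP header, sequence number included, so a firewall that rewrites the initial sequence number invalidates the digest the sending router attached. The inside address 172.16.11.1 comes from the thread; the outside address 172.16.12.1, the key, the ports and the ISN offset are constructed for the example.

```python
"""Model of RFC 2385 TCP MD5 signing across a PIX with and without
sequence-number randomization (`norandomseq` on the static statement)."""
import hashlib
import struct

BGP_PORT = 179


def tcp_md5_digest(src_ip, dst_ip, tcp_hdr, payload, key):
    """RFC 2385 digest: IP pseudo-header + TCP header (options excluded,
    checksum zeroed) + segment data + connection key."""
    ip_bytes = lambda ip: bytes(int(o) for o in ip.split('.'))
    seg_len = len(tcp_hdr) + len(payload)
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack('!BBH', 0, 6, seg_len)
    hdr_no_csum = tcp_hdr[:16] + b'\x00\x00' + tcp_hdr[18:20]
    return hashlib.md5(pseudo + hdr_no_csum + payload + key).digest()


def build_tcp_header(sport, dport, seq, ack, flags):
    """20-byte TCP header: data offset 5, window 0xffff, checksum and urgent 0."""
    return struct.pack('!HHIIBBHHH', sport, dport, seq, ack, 5 << 4, flags, 0xffff, 0, 0)


def pix_rewrite_seq(tcp_hdr, delta):
    """Model PIX ISN randomization as a fixed offset applied to the sequence number."""
    seq = struct.unpack('!I', tcp_hdr[4:8])[0]
    return tcp_hdr[:4] + struct.pack('!I', (seq + delta) & 0xFFFFFFFF) + tcp_hdr[8:]


def peer_accepts_syn(randomize_isn, key=b'constructed-bgp-key'):
    """Router11 (inside, 172.16.11.1) sends a signed SYN to Router12 (outside,
    constructed 172.16.12.1) through the PIX. Returns True if Router12's
    recomputed digest matches the one carried in the segment it received."""
    src, dst = '172.16.11.1', '172.16.12.1'
    syn = build_tcp_header(40000, BGP_PORT, 0x10000000, 0, 0x02)  # flags: SYN
    attached = tcp_md5_digest(src, dst, syn, b'', key)
    # Without norandomseq the PIX rewrites the ISN in transit; the MD5 option
    # in the TCP options field is forwarded unchanged, so it no longer matches.
    forwarded = pix_rewrite_seq(syn, 0x5A5A5A5A) if randomize_isn else syn
    return tcp_md5_digest(src, dst, forwarded, b'', key) == attached


if __name__ == '__main__':
    for label, randomize in (('static ... norandomseq', False), ('default static', True)):
        verdict = 'session forms' if peer_accepts_syn(randomize) else 'MD5 check fails'
        print(f'{label:24}: {verdict}')
```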
