06-28-2006 11:18 AM - edited 03-03-2019 01:10 PM
Hi All,
I will be running eBGP through my PIX to routers on each side to the loopbacks of these routers. What must I enter in my PIX config to allow these two routers to exchange via BGP with their loopbacks? I have tried just allowing the port, but this does not seem to work. Can someone give me an example config?
TIA,
R
06-28-2006 11:25 AM
BGP runs on TCP 179 so as long as you have that allowed and the addresses are reachable (proper static statements) you should be ok. Here is a link that will help you out:
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009487d.shtml
06-28-2006 11:51 AM
I think I had the static routes needed confused. This example helped out a lot.
One thing I am not sure about on the site you gave is the pix config that states the following:
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
!--- No NAT translation, to allow Router11 on the inside to initiate a BGP session
!--- to Router12 on the outside of PIX.
static (inside,outside) 172.16.11.1 172.16.11.1 netmask 255.255.255.255
!--- Static NAT translation, to allow Router12 on the outside to initiate a BGP session
!--- to Router11 on the inside of PIX.
Do I need to add the static NAT translation as it states, as I do run NAT on the PIX in between these routers?
06-28-2006 01:39 PM
Just remember to use "norandomseq" keyword on the static statement on the PIX if you are going to use MD5 authentication on the BGP session.
Please refer to the following document for more information:
Hope this helps,
06-28-2006 08:51 PM
The static NAT translation is required in order for a router on the less secure side of the PIX to initiate a TCP session with a router on the more secure side. Also keep in mind the suggestion by Harold on the use of the norandomseq parameter with the static command.
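Putting the two answers together, here is an added PIX 6.x configuration fragment (my example, not from the thread or the linked Cisco document). It assumes Router11's loopback 172.16.11.1 on the inside as in the thread; the outside peer loopback 192.0.2.2 and the next-hop addresses are constructed placeholders.

```cisco
!--- Added example, PIX 6.x syntax. 172.16.11.1 is Router11 (inside) from the
!--- thread; 192.0.2.2 (Router12, outside) and the next hops are placeholders.

!--- Identity translation so the outside peer can open TCP 179 to the inside
!--- loopback. The trailing "0 0" are max_conns and emb_limit (unlimited).
!--- "norandomseq" stops the PIX from rewriting TCP sequence numbers. This
!--- matters when the BGP session uses MD5 authentication (TCP MD5 signature,
!--- RFC 2385): the signature covers the TCP header, so a rewritten sequence
!--- number fails the check on the peer and the session never establishes.
static (inside,outside) 172.16.11.1 172.16.11.1 netmask 255.255.255.255 0 0 norandomseq

!--- Permit only TCP 179 from the outside peer's loopback to the inside
!--- peer's loopback; everything else from the outside stays blocked.
!--- Inside-to-outside (high to low security) is allowed by default once a
!--- translation exists, so no inbound ACL entry is needed for Router11.
access-list OUTSIDE_IN permit tcp host 192.0.2.2 host 172.16.11.1 eq 179
access-group OUTSIDE_IN in interface outside

!--- Host routes so both loopbacks are reachable through the PIX
!--- (gateway addresses are placeholders for the adjacent router interfaces).
route inside 172.16.11.1 255.255.255.255 10.0.0.2 1
route outside 192.0.2.2 255.255.255.255 203.0.113.1 1
```

After both routers are configured, "show conn" on the PIX should list a TCP 179 connection between the two loopbacks once the session comes up.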