Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3074
Views
0
Helpful
16
Replies

Cisco ASA missing BGP route

Go to solution
geoff
Level 1
Level 1

‎02-16-2019 03:20 AM

Hi,

 

After configuring BGP on an ASA 5585-x no routes to peer are displayed with show bgp route.

 

Below are some configs and shows

 

Many thanks in advance.

 

Cheers

Geoff

 

sh run route

route outside 0.0.0.0 0.0.0.0 xx.xxx.xxx.xxx 1

route BGP-LINK 0.0.0.0 0.0.0.0 xx.xxx.xxx.xx 2

 

sh route bgp    

 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is xx.xxx.xxx.xxx to network 0.0.0.0

 

sh run router bgp

router bgp xxxxx

bgp log-neighbor-changes

bgp router-id xxx.xxx.xxx.xxx

address-family ipv4 unicast

  neighbor xx.xxx.xxx.xx remote-as xxxxx

  neighbor xx.xxx.xxx.xx activate

  network xxx.xxx.xx.x mask 255.255.254.0

  network xxx.xxx.xx.x mask 255.255.255.0

  aggregate-address xxx.xxx.xx.x 255.255.255.0

  no auto-summary

  no synchronization

exit-address-family

!

nat (public,BGP-LINK) after-auto source dynamic public-subnet interface

access-list BGP-LINK_access_in extended permit icmp any object public-subnet

access-list public_access_in extended permit icmp any object public-subnet

 

interface Port-channel2

no nameif

security-level 100

no ip address

!

interface Port-channel2.14

vlan 14

nameif public

security-level 100

ip address xxx.xxx.xx.x 255.255.255.128

 

interface TenGigabitEthernet0/8

nameif BGP-LINK

security-level 0

ip address xx.xxx.xxx.xx 255.255.255.254

ipv6 address xxxx:xxxx:x:xx::xx/127

ipv6 enable

!

Labels:
0 Helpful
16 Replies 16

Go to solution
geoff
Level 1
Level 1
In response to Richard Burts

‎02-18-2019 03:51 AM

Hi Rick,

 

Many thanks with sharing the accepted protocol in this forum, sorry as I am very new to this on any forum, just got stuck trying to resolve my issues on my own.

 

Sorry, it was a typo xxx.xxx.41.1 is correct.

 

Yes, I create acl to handle icmp protocol.

 

After spending many hours researching and testing, I have come to the following conclusion, place an ASR 1001-x in front of ASA 5585-x to handle pour routing and BGP. Or research an implementation of using ASA 5585-x with multiple contexts one for firewall and the other for BGP.

 

I will start new discussion and send you an note, many thanks for your kind assistance.

 

Cheers

Geoff

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to geoff

‎02-18-2019 08:01 AM

Geoff

 

You are quite welcome.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card