04-26-2019 08:35 AM - edited 02-21-2020 09:37 PM
I see on some docs such as at https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/6500-bgp-pix.html that you must configure NAT in addition to allowing port 179 to allow BGP through a FW. Basically I am just trying to confirm what all must be configured to allow BGP or OSPF communication/peering through the FW.
04-26-2019 10:27 AM
04-29-2019 12:27 PM
04-29-2019 01:09 PM - edited 04-29-2019 01:11 PM
They are 2 significantly different situations if the ASA is participating in the dynamic routing protocol or the dynamic routing protocol passes through the ASA. If the ASA is participating in the routing protocol then the routing protocol packets are received and processed by the ASA interface. There is nothing involving address translation and no access rules (other than making sure that existing access rules do not block the routing protocol packets). OSPF, EIGRP, or BGP all work just fine in this environment. If the ASA is not participating in the routing protocol and the routing protocol packets will pass through the ASA it is quite different. In this situation the routing protocol peers are in different subnets (perhaps one peer is connected to the Inside interface while the other peer is connected to DMZ). That is no problem for BGP where BGP neighbors are frequently on remote subnets. But it is a problem for protocols like OSPF or EIGRP which will establish neighbor relationships only with devices in the same subnet.
HTH
Rick
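For the pass-through BGP case described in the reply above, an ASA access-rule example, added here as an illustration and not taken from the thread or from the linked Cisco document. The peer addresses (10.1.1.2 behind inside, 172.16.1.2 behind dmz), the ACL names, and the absence of address translation between the two peers are assumptions.

```cisco
! Added example (constructed values, not from the thread).
! Assumed topology: BGP peer A 10.1.1.2 reached via interface "inside",
!                   BGP peer B 172.16.1.2 reached via interface "dmz".
! The ASA does not run BGP here; it only forwards the TCP session.

! BGP runs over TCP and either peer may open the session toward
! destination port 179 (keyword "bgp"), so each direction gets a rule
! on the interface where that peer's packets enter the ASA.
! Rules are scoped to the two peer hosts rather than to whole subnets.

! Peer B (dmz) opening the session toward peer A (inside).
! Traffic from a lower to a higher security level is denied unless
! an ACL permits it, so this rule is required.
access-list DMZ_IN extended permit tcp host 172.16.1.2 host 10.1.1.2 eq bgp
access-group DMZ_IN in interface dmz

! Peer A (inside) opening the session toward peer B (dmz).
! Needed once any ACL is bound to the inside interface, because the
! implicit deny at the end of that ACL replaces the default permit
! for higher-to-lower security-level traffic.
access-list INSIDE_IN extended permit tcp host 10.1.1.2 host 172.16.1.2 eq bgp
access-group INSIDE_IN in interface inside

! Return packets of an established session are matched by the ASA's
! connection table, so no rule for source port 179 is needed.
```

OSPF and EIGRP are not covered by rules like these for the reason given in the reply: their neighbors must share a subnet, which two peers on different ASA interfaces in routed mode do not.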
05-01-2019 07:05 PM
05-02-2019 05:55 AM
I believe that some words are missing which makes it difficult to be sure what you mean. But yes you would simply configure the ASA so that the interface does participate in the dynamic routing protocol and the neighbor relationship would be formed.
HTH
Rick