Solved

Examples of implementing restrictive filters limiting access to BGP (TCP 179)

Posted on 2004-04-27
1
193 Views
Last Modified: 2010-08-05
Can anyone give me some examples of implementing  restrictive filters or access-list limiting access to BGP (TCP 179) to only the necessary peers.

example configs:

router bgp 70000
network 206.25.32.0 mask 255.255.255.248
neighbor 200.4.3.98
0
Comment
Question by:ritru
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 11

Accepted Solution

by:
PennGwyn earned 125 total points
ID: 10933189
Like

access-list 101 permit tcp host 200.4.3.98 any eq 179
access-list 101 deny tcp any any eq 179
access-list 101 permit ip any any

interface Serial0/0
access-group 101 in

But that's cumbersome, and you may already be using an access-list on that interface.  And it won't protect you from somebody spoofing your neighbor's address as the source.

A simpler approach is to encrypt the link:

neighbor 200.4.3.98 password "oursharedsecret"

which will allow BGP packets only if they come from somebody who has the same secret configured on their neighbor statement pointing at you.

(This is the recommended fix for the issue that Cisco and others raised last week....)
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question