Solved

ebgp multihop thru cisco asa

Posted on 2011-09-18
5
364 Views
Last Modified: 2012-05-12
I am trying to peer two routers vie ebgp multihop.  each peer router is being a cisco asa firewall. The peer routers can ping each other and I have allowed tcp 179 on both ASA's but I still don't have a successful neighborship?  Am I missing something?

0
Comment
Question by:FREDARCE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36560021
TCP /179 is correct.  Only thing I can think of is be careful of NATing and what address is being used to establish the peer relationship.  You might do some debugs on the routers to identify what BGP is trying to do, and you might also look at the ASA logs to identify what traffic is being blocked.
0
 

Author Comment

by:FREDARCE
ID: 36564682
I am using any nat on either ASA.  changed logging to debug but don't see anything in the logs.  I would at least expect to see deny attempts made on tcp/179.  how can I ensure that the peer routers are at least trying to establish a neighborship?

0
 

Accepted Solution

by:
FREDARCE earned 0 total points
ID: 36569545
turns out my problem was I was relying on a default route for return traffic on each of the neighbor routers and what I needed to do was add a specific static route instead.  Once I added the static route bgp neighborship came up.
0
 

Author Closing Comment

by:FREDARCE
ID: 36594722
turns out my problem was I was relying on a default route for return traffic on each of the neighbor routers and what I needed to do was add a specific static route instead.  Once I added the static route bgp neighborship came up.
0
 
LVL 18

Expert Comment

by:jmeggers
ID: 36569951
Forgot about the default route. BGP won't establish without an explicit route.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco IPSec VPN Connection with Mac only sees Public folder 19 45
Wifi addin for wireshark? 5 45
Moving vSAN traffic to a new network 4 67
Voice VLANs across Metro-E 4 36
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question