Solved

ebgp multihop thru cisco asa

Posted on 2011-09-18
5
363 Views
Last Modified: 2012-05-12
I am trying to peer two routers vie ebgp multihop.  each peer router is being a cisco asa firewall. The peer routers can ping each other and I have allowed tcp 179 on both ASA's but I still don't have a successful neighborship?  Am I missing something?

0
Comment
Question by:FREDARCE
  • 3
  • 2
5 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 36560021
TCP /179 is correct.  Only thing I can think of is be careful of NATing and what address is being used to establish the peer relationship.  You might do some debugs on the routers to identify what BGP is trying to do, and you might also look at the ASA logs to identify what traffic is being blocked.
0
 

Author Comment

by:FREDARCE
ID: 36564682
I am using any nat on either ASA.  changed logging to debug but don't see anything in the logs.  I would at least expect to see deny attempts made on tcp/179.  how can I ensure that the peer routers are at least trying to establish a neighborship?

0
 

Accepted Solution

by:
FREDARCE earned 0 total points
ID: 36569545
turns out my problem was I was relying on a default route for return traffic on each of the neighbor routers and what I needed to do was add a specific static route instead.  Once I added the static route bgp neighborship came up.
0
 

Author Closing Comment

by:FREDARCE
ID: 36594722
turns out my problem was I was relying on a default route for return traffic on each of the neighbor routers and what I needed to do was add a specific static route instead.  Once I added the static route bgp neighborship came up.
0
 
LVL 18

Expert Comment

by:jmeggers
ID: 36569951
Forgot about the default route. BGP won't establish without an explicit route.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question