You will still have to configure policymap, for md5 authentication, starting from 7.x.. with 6.3, it was allowed explicitely, but not from 7.x.. Interesting material that I saw online:
"When BGP is configured with authentication, two things happen. First, an MD5 hash is computed including the password and the TCP sequence number of the packet, among other things. Second, that hash is attached to the packet via TCP option 19.
By default, a security appliance running 7.x clears option 19 and offsets the sequence number by a random number, per TCP flow. This makes BGP really unhappy when it is transiting the firewall. So, lets allow option 19 back through. To do this, you should configure the inspection of the BGP traffic and then configure a tcp-map that can be used when the ASA inspects the BGP TCP packets. Assign it all to a policy map and service policy and you're good.
the routers still aren't happy.
There are two ways to disable the randomization when the security appliance is in routed mode. The first way is accomplished via the static command.
In transparent mode there is no NAT, so the norandomseq switch can't be used on the static command. Instead, the randomization needs to be shut off when the packet gets inspected. Returning to the class of traffic we configured earlier, we can disable the randomization for only our BGP traffic:
set connection random-sequence-number disable
set connection advanced-options BGP_TCP_MAP
Now things should working and the neighbours should be UP "
Does this answer your question ? All the best. rate replies if found useful..
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :