Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to configure BGP across a PIX Firewall

Core Issue

he PIX Firewall is a perimeter security device that protects the devices on the private   network from external attacks. The PIX uses the Adaptive Security Algorithm (ASA) to determine if   traffic arriving at an interface should be allowed through. By default, traffic initiated by a device   on a lower security interface and destined to a device on a higher security interface is denied by the   PIX. The routers on the lower security interface are not able to initiate a Border Gateway Protocol   (BGP) session with the routers on the higher security interface.


The default behaviour of the ASA can be modified to allow BGP routers on the lower security interfaces to initiate BGP sessions with routers on the higher security interfaces. This is achieved by explicitly permitting the TCP port 179 traffic between the two devices by configuring an Access Control List (ACL) and binding it to the outside interface. To create an ACL, issue the access-list command in the configuration mode. To bind the ACL to an interface, issue the access-group command and use the in keyword to specify that the statement applies to traffic entering the interface.

For more information and configurations, refer Sample Configurations of BGP across a PIX Firewall.

Version history
Revision #:
1 of 1
Last update:
‎06-18-2009 03:54 PM
Updated by:
Labels (1)
Everyone's tags (4)