Hi all
I am just implementing a solution which requires BGP peers with a PIX firewall between them. This solution works fine when I do not use an MD5 password on the peers, but when I put password authentication on the peers the BGP neighbours no longer establish, and when I debug it I see:
%TCP-6-BADAUTH: No MD5 digest from 172.16.5.1(12689) to 172.16.9.2(179)
I have found a document on CCO which indicates this is an issue with seq number randomisation, which the PIX does by default, and says to add the "norandomseq" keyword to the end of my static statement, which I have done, but this has not cured my issue.
I am using ver7.0(4) on the PIX and 12.2(18)SXE on the 6513 which are the BGP peers.
Any ideas?
Thanks in advance
Colin

Peer 1 config extract:
router bgp 65526
 no synchronization
 bgp cluster-id 999
 bgp log-neighbor-changes
 network 172.16.9.0 mask 255.255.255.0
 neighbor 172.16.5.1 remote-as 65526
 neighbor 172.16.5.1 next-hop-self
 neighbor 172.16.5.1 password xxxx

Firewall config extract (access-list is allowing all traffic):
static (inside,dmz) 172.16.9.2 172.16.9.2 netmask 255.255.255.255 norandomseq

Peer 2 config extract:
router bgp 65526
 no synchronization
 bgp log-neighbor-changes
 network 172.16.5.0 mask 255.255.255.0
 neighbor 172.16.9.2 remote-as 65526
 neighbor 172.16.9.2 password 7 045802150C2E
 neighbor 172.16.9.2 next-hop-self
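
Added example, not part of the original post: a Python sketch of the RFC 2385 TCP MD5 check that BGP peers apply, showing that a sequence number rewritten in the path produces a digest mismatch, while a segment that arrives without TCP option 19 produces the "No MD5 digest" condition logged above. The addresses and ports are taken from the log line; the key, sequence number, window and the dict layout of a segment are constructed for illustration.

```python
import hashlib, socket, struct

MD5SIG = 19  # TCP option kind carrying the RFC 2385 signature (option length 18)

def digest(seg, key):
    """RFC 2385: MD5(pseudo-header + TCP header without options, checksum 0 + data + key)."""
    opt_len = sum(len(v) + 2 for v in seg["opts"].values())
    opt_len += -opt_len % 4                      # options are padded to a 32-bit boundary
    hdr_len = 20 + opt_len
    pseudo = (socket.inet_aton(seg["src"]) + socket.inet_aton(seg["dst"])
              + struct.pack("!BBH", 0, 6, hdr_len + len(seg["data"])))
    header = struct.pack("!HHIIBBHHH", seg["sport"], seg["dport"], seg["seq"], seg["ack"],
                         (hdr_len // 4) << 4, seg["flags"], seg["win"], 0, 0)
    return hashlib.md5(pseudo + header + seg["data"] + key).digest()

def sign(seg, key):
    """Return a copy of seg carrying option 19 as computed by the sender."""
    out = dict(seg, opts=dict(seg["opts"]))
    out["opts"][MD5SIG] = b"\0" * 16             # reserve space so the lengths are final
    out["opts"][MD5SIG] = digest(out, key)
    return out

def verify(seg, key):
    """Receiver-side check, separating a missing option from a wrong digest."""
    if MD5SIG not in seg["opts"]:
        return "no digest"                       # the case reported by the log line above
    return "ok" if seg["opts"][MD5SIG] == digest(seg, key) else "digest mismatch"

KEY = b"constructed-key"  # constructed sample key, not the password from the post
SYN = {"src": "172.16.5.1", "dst": "172.16.9.2", "sport": 12689, "dport": 179,
       "seq": 1000, "ack": 0, "flags": 0x02, "win": 16384, "data": b"", "opts": {}}

def cases():
    signed = sign(SYN, KEY)
    reseq = dict(signed, seq=signed["seq"] + 0x5EED)   # sequence number rewritten in transit
    stripped = dict(signed, opts={})                    # option 19 absent on arrival
    return {"untouched": verify(signed, KEY),
            "seq rewritten": verify(reseq, KEY),
            "option removed": verify(stripped, KEY),
            "wrong key": verify(signed, b"other-key")}

if __name__ == "__main__":
    for name, result in cases().items():
        print(f"{name:15} -> {result}")
```

The two failure results are distinct on purpose: a rewritten sequence number still delivers option 19 with a stale digest, whereas "no digest" means the option itself was not present in the segment the receiver saw.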