Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

BGP Config through PIX

Hi All,

I got some help on this a while back, but need a little more.

I am running a ebgp session from my internet router through my pix to my core router. I am using loopback addresses. I can ping the loopback of the core from the internet router but not vice versa, should i even be able to? when i try from the core i see the logs say something along the lines of not allowing spoofing. Is this normal? Is there any way for me to test to make sure the bgp traffic will flow without putting the bgp config in place as of yet?




Re: BGP Config through PIX


If you could provide some more details of the setup ( network diagram, device details..etc)it would be better to assist.

However you can have the following points ensured..

1) For the BGP session to be able to establish across a firewall, you need to ensure that Port TCP 179 is opened in the firewall for the BGP peers.

2) You need to check the firewall for how ping is allowed in the policies.

3) IP Spoofing means, an ip packet is received on a interface, from where it is not supposed to be. Basically the source IP Address of the packet is checked to ensure that only known/valid addresses are coming via that interface.

Checking this would require a fair idea of your setup.