OK trying to get a BGP session up between a pair of CISCO routers and a NOKIA running Checkpoint. Coming across an issue I had with GateD where the NOKIA is choking on a version identifier sent by the CISCO and reporting back a BGP-3 authentication failure for the OPEN message (it's interpreting the version ID as an authentication attempt)...
Any ideas?
Please respond off list...
-- Rich Sena - ras@thick.net ThickNET Consulting "On the way to understanding; you understand, and forget."
On Thu, 25 Jul 2002, Rich Sena wrote:
> OK trying to get a BGP session up between a pair of CISCO routers and a NOKIA running Checkpoint. Coming across an issue I had with GateD where the NOKIA is choking on a version identifier sent by the CISCO and reporting back a BGP-3 authentication failure for the OPEN message (it's interpreting the version ID as an authentication attempt)...
> Any ideas?
> Please respond off list...
Yeah, ok Sena. Uh, how about calling me back about beers you slacker ass?
Noice...
There has got to be some sort of health code against you and I at the same bug pulling off the same tap - the laws of gravity etc...
On Jul 26, 2002 Martin Hannigan spake:
> Yeah, ok Sena.
> Uh, how about calling me back about beers you slacker ass?
-- Rich Sena - ras@thick.net ThickNET Consulting "On the way to understanding; you understand, and forget."
This has got to be the strangest setup of BGP I have seen yet. A firewall running an inherently insecure protocol; all I can say is have fun.
On Fri, 2002-07-26 at 09:31, Rich Sena wrote:
> Noice...
> There has got to be some sort of health code against you and I at the same bug pulling off the same tap - the laws of gravity etc...
And we are off......
> OK trying to get a BGP session up between a pair of CISCO routers and a NOKIA running Checkpoint.
WOW! Nokia Checkpoint runs routing protocols (other than RIP or static routes????) more impressive is this appliance running BGP.
On a serious note...I imagine the Nokia is in front of one of the Cisco's....(my assumption since the poster is as vague as a Capitol Hill politician)
If this is the case, then take the stinking firewall and place it behind the router, let the routers do their Peering, and even place some Bogon-lists on the router, and some basic bogon filtering for your ingress traffic. (take as much illegitimate traffic off the firewall).
But hey, does this belong in the NANOG anyway.......?
my 2 cashings!!!
----- Original Message -----
From: "Manolo Hernandez" <manolo@dialtoneinternet.com>
To: "Rich Sena" <ras@thick.net>
Cc: "Martin Hannigan" <hannigan@fugawi.net>; "NANOG" <nanog@merit.edu>
Sent: Friday, July 26, 2002 8:53 AM
Subject: Re: BGP question... (SOT)
> This has got to be the strangest setup of BGP I have seen yet. A firewall running an inherently insecure protocol all I can say is have fun.
On Jul 26, 2002 Gerardo A. Gregory spake:
> On a serious note...I imagine the Nokia is in front of one of the Cisco's....(my assumption since the poster is as vague as a Capitol Hill politician)
Yeah sorry - vagueness is an art... it's pretty much a DMZ setup; we have an outside border (CISCO 7206VXR) and an inside border/distribution border (CISCO 6513 MSFC). The NOKIA is running a flavor of GateD that I have seen this problem with before - I did find a workaround. The problem is that the CISCO is sending a version identifier (4) that GateD is identifying as an authentication string. The error that the 7206vxr is receiving is a 'BGP-3 Authentification failure'. I kludged it by setting an MD5 auth string on the NOKIA as "4" - that solved the prob on that side - but I think I am still having an issue with the 6513.
It was an upgrade that our firewall group had rolled into production - to replace a Solaris/Checkpoint setup that was running iBGP with Zebra. All we are really passing is default in and accepting some routes from a secure server farm connected to the 6513. The Farm will be dual homed to 2 of our campuses in the near future (otherwise since it is now stub we could static it.) Anyway - thanks...
> If this is the case, then take the stinking firewall and place it behind the router, let the routers do their Peering, and even place some Bogon-lists on the router, and some basic bogon filtering for your ingress traffic. (take as much illegitimate traffic off the firewall).
Yeah it is see above..
> But hey, does this belong in the NANOG anyway.......?
Prolly not - I asked for replies to me directly and did get quite a few helpful ones - I'm replying back to the nog cuz I got spanked a little by Sue for the beer off-shoot to this and to provide the little bit more detail that you were asking for... Anyway I took a mulligan on the beer thread and am now playing through... thanks...
> my 2 cashings!!!
Kaching - thanks again...
-- Rich Sena - ras@thick.net ThickNET Consulting "On the way to understanding; you understand, and forget."
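For the failure described in this thread, the first diagnostic step is to decode the OPEN that was sent and the NOTIFICATION that came back, to see which version number went out and which OPEN error subcode was returned. The decoder below is an added example, not part of the thread or any poster's code; it follows the RFC 1771 message layout, and the AS number, router ID and sample bytes are constructed.

```python
import struct

MARKER = b"\xff" * 16  # all-ones marker: no authentication in use
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
ERRORS = {1: "Message Header Error", 2: "OPEN Message Error", 3: "UPDATE Message Error",
          4: "Hold Timer Expired", 5: "Finite State Machine Error", 6: "Cease"}
# Subcodes of OPEN Message Error (code 2) as listed in RFC 1771
OPEN_SUBCODES = {1: "Unsupported Version Number", 2: "Bad Peer AS",
                 3: "Bad BGP Identifier", 4: "Unsupported Optional Parameter",
                 5: "Authentication Failure", 6: "Unacceptable Hold Time"}

def frame(mtype: int, body: bytes) -> bytes:
    """Wrap a body in the 19-byte BGP header (marker, length, type)."""
    return MARKER + struct.pack("!HB", 19 + len(body), mtype) + body

def parse_bgp(msg: bytes) -> dict:
    """Decode the header plus an OPEN or NOTIFICATION body; ValueError if malformed."""
    if len(msg) < 19:
        raise ValueError("shorter than the BGP header")
    marker, length, mtype = struct.unpack("!16sHB", msg[:19])
    if length != len(msg) or length > 4096:
        raise ValueError("length field does not match message")
    body = msg[19:]
    out = {"type": TYPES.get(mtype, f"unknown({mtype})"), "marker_all_ones": marker == MARKER}
    if mtype == 1:
        if len(body) < 10:
            raise ValueError("truncated OPEN")
        version, my_as, hold, ident, optlen = struct.unpack("!BHH4sB", body[:10])
        opts, params = body[10:], []
        if optlen != len(opts):
            raise ValueError("optional parameter length mismatch")
        while opts:
            if len(opts) < 2 or len(opts) < 2 + opts[1]:
                raise ValueError("truncated optional parameter")
            # Parameter type 1 is Authentication Information in RFC 1771
            params.append({"type": opts[0], "value": opts[2:2 + opts[1]]})
            opts = opts[2 + opts[1]:]
        out.update(version=version, my_as=my_as, hold_time=hold,
                   bgp_id=".".join(map(str, ident)), opt_params=params)
    elif mtype == 3:
        if len(body) < 2:
            raise ValueError("truncated NOTIFICATION")
        code, sub = body[0], body[1]
        out.update(error=ERRORS.get(code, code), data=body[2:],
                   subcode=OPEN_SUBCODES.get(sub, sub) if code == 2 else sub)
    return out

# Constructed samples: an OPEN advertising version 4, and an Authentication Failure reply
SAMPLE_OPEN = frame(1, struct.pack("!BHH4sB", 4, 65001, 180, bytes([192, 0, 2, 1]), 0))
SAMPLE_NOTIFY = frame(3, bytes([2, 5]))
```

Feeding it the bytes from a packet capture of the session shows whether the version octet and any type 1 optional parameter are where each side expects them.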
mmmmm Beer, it's what's for dinner!
On Fri, 26 Jul 2002, Martin Hannigan wrote:
> Yeah, ok Sena.
> Uh, how about calling me back about beers you slacker ass?
participants (5)
- Gerardo A. Gregory
- Manolo Hernandez
- Martin Hannigan
- Rich Sena
- Scott Granados