Hello all.
Gaia R80.10.
I have prepared a schema interconnecting VSX VS1 with two Nexus via eBGP.
VSX VS1 has IP1, Nexus1 - IP2, Nexus2 - IP3. On the Nexus side is AS 65010, on the Check Point side is AS 65020.
Settings for both peers are the same.
Session between VSX VS1 and Nexus1: session state = Established.
Session between VSX VS1 and Nexus2: session state = Active (flaps with Connect).
Why is the second session not up?
In the Check Point Advanced Routing guide for R80.10 I see: "Dual Peering. This option enables the connection to the Local ASN or the Peer Local ASN. There can be only one active connection. If you do not enable this option, it is only possible to connect to the Peer Local ASN."
Is this my case? Do I need to switch this option on?
When I try to change the config I get error messages:
set bgp external remote-as 65010 peer IP3 peer-local-as dual-peering on -------- > BGP: Peer Local AS is not enabled on this peer.
set bgp external remote-as 65010 peer IP3 peer-local-as as 65020 on -------- > RTGRTG0019 BGP: Peer Local AS cannot be equal to the Local AS.
set bgp external remote-as 65010 peer IP3 peer-local-as as 65010 on -------- > RTGRTG0019 BGP: Peer Local AS cannot be equal to the remote peer's AS.
Where am I wrong?
With regards, Yury.
No, you do not need peer-local-as or dual-peering. Did you check for any BGP errors in /var/log/messages or /var/log/routed_messages?
Sundeep Mudgal wrote:
No, you do not need peer-local-as or dual-peering. Did you check for any BGP errors in /var/log/messages or /var/log/routed_messages?
Yes, but without any helpful error messages.
As we later found, the source of our problem was a bug in the Nexus firmware.
Hi Yury,
What steps did you take to resolve this issue?
I am presently experiencing the same issue with a Cisco Nexus switch.
Thanks