2.1.3 Ensure 'BGP authentication' is enabled

Information

BGP is an inter- and intra-autonomous system routing protocol. An autonomous system is a network or group of networks under a common administration and with common routing policies. BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISPs).

Rationale:

Customer networks, such as universities and corporations, usually employ an Interior Gateway Protocol (IGP) such as OSPF for the exchange of routing information within their networks. Customers connect to ISPs, and ISPs use BGP to exchange customer and ISP routes. When BGP is used between autonomous systems (AS), the protocol is referred to as External BGP (EBGP). If a service provider is using BGP to exchange routes within an AS, then the protocol is referred to as Interior BGP (IBGP).

BGP can also be used for carrying routing information for IPv6 prefixes over IPv6 networks.

Solution

Step 1
Enable BGP.
Step 2
Define the Best Path for a BGP Routing Process.
Step 3
Configure Policy Lists.
Step 4
Configure AS Path Filters.
Step 5
Configure Community Rules.
Step 6
Configure IPv4 Address Family Settings.
Step 7
Configure IPv6 Address Family Settings.

ciscoasa(config)# router bgp 2
ciscoasa(config-router)# bgp default local-preference 500
ciscoasa(config)# policy-list Example-policy-list1 permit
ciscoasa(config)# as-path access-list 35 permit testaspath
ciscoasa(config)# community-list standard excomm1 permit 100 internet no-advertise no-export
ciscoasa(config-router-af)# bgp router-id 10.86.118.3
ciscoasa(config-router-af)# aggregate-address 10.86.118.0 255.255.255.0 as-set summary-only suppress-map example1 advertise-map example1 attribute-map example1
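
The steps above enable and tune BGP but do not show the authentication setting itself. The following is an added example, not part of the benchmark or of Cisco's tooling: a Python check that parses a saved running-config and lists BGP neighbors with no password line. It assumes authentication is enabled with the ASA command `neighbor <address> password <string>`; the sample config, neighbor addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of an ASA running-config BGP section (not from the page).
SAMPLE_CONFIG = """\
router bgp 2
 bgp log-neighbor-changes
 address-family ipv4 unicast
  neighbor 10.86.118.12 remote-as 3
  neighbor 10.86.118.12 password *****
  neighbor 10.86.118.13 remote-as 4
  neighbor 10.86.118.13 activate
 exit-address-family
 address-family ipv6 unicast
  neighbor 2001:db8::2 remote-as 5
 exit-address-family
!
interface GigabitEthernet0/0
 nameif outside
"""

# Assumption: authentication appears as "neighbor <address> password <string>".
NEIGHBOR_RE = re.compile(r"^neighbor\s+(\S+)\s+(\S+)")

def audit_bgp_auth(config_text):
    """Map (asn, address_family, neighbor) -> True if a password line exists."""
    results, asn, af = {}, None, "global"
    for line in config_text.splitlines():
        if not line.startswith(" "):  # top-level line starts or ends a section
            m = re.match(r"router bgp (\S+)", line)
            asn, af = (m.group(1) if m else None), "global"
            continue
        if asn is None:
            continue  # indented line of some other section
        stripped = line.strip()
        if stripped.startswith("address-family "):
            af = stripped.split(None, 1)[1]
        elif stripped == "exit-address-family":
            af = "global"
        elif (m := NEIGHBOR_RE.match(stripped)):
            key = (asn, af, m.group(1))
            results[key] = results.get(key, False) or m.group(2) == "password"
    return results

def unauthenticated_neighbors(config_text):
    """Return sorted (asn, address_family, neighbor) tuples lacking a password."""
    return sorted(k for k, ok in audit_bgp_auth(config_text).items() if not ok)

if __name__ == "__main__":
    for asn, af, peer in unauthenticated_neighbors(SAMPLE_CONFIG):
        print(f"FAIL: AS {asn} [{af}] neighbor {peer} has no password configured")
```

An empty result from `unauthenticated_neighbors` means every neighbor found under `router bgp` has a password line in its address family.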

Default Value:

not enabled

See Also

https://workbench.cisecurity.org/benchmarks/7194

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-2(1), 800-53|CM-7, 800-53|CP-6, 800-53|CP-7, 800-53|PL-8, 800-53|PM-7, 800-53|SA-8, 800-53|SC-7, CSCv7|11.1

Plugin: Cisco

Control ID: 453402b548f71056b51bf938e5479d49e66496aa7a7adb7d2f49cfe18aa12537