You work as a network engineer for the company. You want to configure two BGP speakers to
form an EBGP session across a firewall. On the engineer’s network, the firewall always permits
TCP sessions that are initiated from the inside network (the network attached to the inside
interface of the firewall). What prerequisite is there for enabling BGP to run on this network?
A. EBGP multihop will need to be configured for this to work.
B. This should work with normal BGP peering, with no additional configuration on the BGP
speakers or the firewall.
C. The BGP protocol port must be opened on the firewall.
D. There is no way to make BGP work across a firewall.
Explanation:
If TCP port 179 is open for BGP, then eBGP multihop must also be enabled.
Because BGP uses unicast TCP packets on port 179 to communicate with its peers, you can
configure PIX1 and PIX2 to allow unicast traffic on TCP port 179. This way, BGP peering can be
established between the routers that are connected through the firewall. Redundancy and the
desired routing policies can be achieved through the manipulation of the BGP attributes. The
neighbor ebgp-multihop command enables BGP to override the default one hop eBGP limit
because it changes the Time to Live (TTL) of eBGP packets from the default value of 1.
ASA/PIX: BGP through ASA Configuration Example
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009487d.shtml