BGP Through an ASA with Authentication

By default, the ASA will strip TCP option 19 causing MD5 authentication for BGP to fail.  In addition, the ASA randomizes the TCP sequence numbers, which also breaks things.  To fix this:

tcp-map BGP_FIX
  tcp-options range 19 19 allow
!
access-list BGP permit tcp any any eq 179
!
class BGP
  match access-list BGP
  !! could also use match protocol tcp eq bgp
!
policy-map global_policy
  class BGP
    set connection advanced-options BGP_FIX
    set connection random-sequence-number disable
!