Adding a permit any any for the IP address of the Ravlin device to the top of
the access list should fix this problem.
I'll check and see if there is a more secure fix to this. You should only
need ports IP 50 and 51, UDP port 500 to be open; I'm guessing you're using
IPSEC. Let me know if this does not work. I have access to a Ravlin VPN and
can do some testing for you.
>>> "Shannon Murphy" 09/20/01 03:27PM >>>
We're experiencing an issue with connectivity to one of our customers that
requires the use of a Redcreek Ravlin VPN device. They have been up and
running fine up until we enabled the NBAR fix to prevent the Code Red Worm
virus as referenced in
http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml . This is the
only VPN that is affected by this ACL; we have several Cisco to Cisco VPNs
as well as several Cisco to Checkpoint VPNs, all of which we have broken
only to have them come back up immediately. The Redcreek equipment isn't
ours and we don't have a relationship with them at all for support, so I'm
awaiting our customer to contact Redcreek to find out what in this ACL would
break the tunnel. My suspicions are that the Ravlin box sets the DSCP value
to 1 for whatever reason, which is what our policy map assigns the value to
as well.
Has anyone seen this scenario?
Shannon Murphy
Network Engineer, CCNA, CCDA
Global Networking Team
Jabil Circuit, Inc.
(727)803-3027
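The two fixes discussed in the reply, written out as an added example (not configuration from the thread or from the Cisco document). The ACL name `CODERED-FILTER`, the address 192.0.2.10 and the existing `deny ... dscp 1` entry are assumptions, as is the ACL being applied to traffic arriving from the Ravlin device.

```cisco
! Constructed example. 192.0.2.10 is a placeholder for the Ravlin device,
! CODERED-FILTER a placeholder for the ACL that drops DSCP 1 traffic.
ip access-list extended CODERED-FILTER
 !
 ! Broad form from the reply: every packet from the Ravlin skips the
 ! DSCP check, including any HTTP it relays. Shown commented out.
 ! 5 permit ip host 192.0.2.10 any
 !
 ! Narrower form: only the IPsec traffic named in the reply is exempted.
 ! esp = IP protocol 50, ahp = IP protocol 51, isakmp = UDP port 500.
 5 permit esp host 192.0.2.10 any
 6 permit ahp host 192.0.2.10 any
 7 permit udp host 192.0.2.10 any eq isakmp
 !
 ! Assumed existing entries: drop what the policy map marked, pass the rest.
 10 deny ip any any dscp 1
 20 permit ip any any
!
! Check which entries the tunnel traffic actually hits. If the counter on
! entry 10 still climbs for the Ravlin peer, the device is sending something
! other than ESP/AH/IKE with DSCP 1 and the narrow form does not cover it.
! show ip access-lists CODERED-FILTER
```

Sequence-numbered entries need an IOS release that supports ACL resequencing; on older images the list has to be removed and re-entered with the new lines first.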
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20617&t=20615