port 2067 never gets hit...

R0-R1#sh access-list
Extended IP access list 101
    permit udp any any eq rip (2 matches)
    permit tcp any any eq 2065 (6 matches)
    permit tcp any any eq 2067
    permit tcp any any eq bgp
    deny ip any any log (9 matches)
R0-R1#
%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(179) -> 150.20.12.1(11084), 1 packet
%SEC-6-IPACCESSLOGNP: list 101 denied 103 150.20.12.2 -> 224.0.0.13, 1 packet

Using access-list 101 deny ip any any log I found:

%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(2065) -> 150.20.12.1(11048), 1 packet

(and other such ports around 11000). Based on that - the following works...

access-list 101 permit udp any any eq rip
access-list 101 permit tcp host 150.20.12.2 host 150.20.12.1 eq 2065
access-list 101 permit tcp host 150.20.12.2 host 150.20.12.1 est
access-list 101 permit tcp any any eq bgp
access-list 101 deny ip any any log

Does this look right?

"John Kaberna" wrote in message news:[EMAIL PROTECTED]...
> 2067
>
> John Kaberna
> CCIE #7146
> NETCG Inc.
> www.netcginc.com
> (415) 750-3800
>
> Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com
> __________________
> CCIE Security Training
> www.netcginc.com/training.htm
>
> "ME" wrote in message news:[EMAIL PROTECTED]...
> > With dlsw, using tcp encap, what tcp ports do I need open in an access-list
> > to allow dlsw to work? TCP 2065 by itself is not enough.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34990&t=34981
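
Added example, not part of the original post or of either poster's message: a Python sketch that parses the %SEC-6-IPACCESSLOG lines quoted in the thread and flags denies that are return traffic for a service the ACL already permits by destination port, which is the case the `est` entry in the post addresses. The service-port set, the 1024 cutoff for client ports, and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Log lines copied from the post above.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(179) -> 150.20.12.1(11084), 1 packet
%SEC-6-IPACCESSLOGNP: list 101 denied 103 150.20.12.2 -> 224.0.0.13, 1 packet
%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(2065) -> 150.20.12.1(11048), 1 packet
"""

# Destination ports the posted ACL permits for TCP (2065, 2067, bgp = 179).
SERVICE_PORTS = {2065, 2067, 179}
CLIENT_PORT_MIN = 1024  # assumption: anything at or above this is a client-side port

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Port-bearing protocols are logged as IPACCESSLOGP with (port) after each address.
LOGP = re.compile(rf"IPACCESSLOGP: list (\S+) denied (tcp|udp) {IP}\((\d+)\) -> {IP}\((\d+)\)")
# Other IP protocols are logged as IPACCESSLOGNP with the protocol number and no ports.
LOGNP = re.compile(rf"IPACCESSLOGNP: list (\S+) denied (\d+) {IP} -> {IP}")


def classify(line):
    """Return (kind, detail) for one deny log line, or None if it is not one."""
    m = LOGP.search(line)
    if m:
        acl, proto, src, sport, dst, dport = m.groups()
        sport, dport = int(sport), int(dport)
        is_reply = (proto == "tcp" and sport in SERVICE_PORTS
                    and dport >= CLIENT_PORT_MIN and dport not in SERVICE_PORTS)
        if is_reply:
            # Reply segments carry ACK, so an "established" entry matches them.
            return ("return-traffic",
                    f"access-list {acl} permit tcp host {src} host {dst} established")
        return ("unmatched-port", f"{proto} {src}({sport}) -> {dst}({dport})")
    m = LOGNP.search(line)
    if m:
        acl, proto, src, dst = m.groups()
        return ("non-port-protocol", f"ip protocol {proto} {src} -> {dst}")
    return None


def summarize(log_text):
    """Count deny kinds and collect the distinct ACL entries worth reviewing."""
    hits = [c for c in map(classify, log_text.splitlines()) if c]
    counts = Counter(kind for kind, _ in hits)
    suggestions = sorted({d for kind, d in hits if kind == "return-traffic"})
    return counts, suggestions
```

Calling `summarize(SAMPLE_LOG)` groups the two TCP denies under one host-to-host `established` entry and reports the protocol 103 deny separately, since it has no ports and no ACL entry in the thread covers it.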