port 2067 never gets hit...
R0-R1#sh access-list
Extended IP access list 101
permit udp any any eq rip (2 matches)
permit tcp any any eq 2065 (6 matches)
permit tcp any any eq 2067
permit tcp any any eq bgp
deny ip any any log (9 matches)
R0-R1#
%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(179) -> 150.20.12.1(11084), 1 packet
%SEC-6-IPACCESSLOGNP: list 101 denied 103 150.20.12.2 -> 224.0.0.13, 1 packet
Using access-list 101 deny ip any any log I found:
%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(2065) -> 150.20.12.1(11048), 1 packet
(and other such ports around 11000).
Based on that - the following works...
access-list 101 permit udp any any eq rip
access-list 101 permit tcp host 150.20.12.2 host 150.20.12.1 eq 2065
access-list 101 permit tcp host 150.20.12.2 host 150.20.12.1 est
access-list 101 permit tcp any any eq bgp
access-list 101 deny ip any any log
Does this look right?
"John Kaberna" wrote in message
news:[EMAIL PROTECTED]...
> 2067
>
> John Kaberna
> CCIE #7146
> NETCG Inc.
> www.netcginc.com
> (415) 750-3800
>
> Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com
> __
> CCIE Security Training
> www.netcginc.com/training.htm
>
>
> "ME" wrote in message
> news:[EMAIL PROTECTED]...
> > With dlsw, using tcp encap, what tcp ports do I need open in an access-list
> > to allow dlsw to work? TCP 2065 by itself is not enough.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34990&t=34981
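
An added example, not part of the original post: a small parser for the %SEC-6-IPACCESSLOGP and %SEC-6-IPACCESSLOGNP lines quoted above that totals denied packets per flow and flags flows whose only service port is the source port, the pattern seen for 2065 in the thread. The sample log is constructed, and the SERVICE_PORTS table and the 'return'/'inbound'/'other' labels are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample, modelled on the log lines quoted in the post.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(2065) -> 150.20.12.1(11048), 1 packet
%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(2065) -> 150.20.12.1(11052), 3 packets
%SEC-6-IPACCESSLOGP: list 101 denied tcp 150.20.12.2(179) -> 150.20.12.1(11084), 1 packet
%SEC-6-IPACCESSLOGNP: list 101 denied 103 150.20.12.2 -> 224.0.0.13, 1 packet
"""

# Service ports named in the thread (TCP): DLSw 2065/2067 and BGP 179.
SERVICE_PORTS = {2065: "dlsw", 2067: "dlsw", 179: "bgp"}

# IPACCESSLOGP carries ports in parentheses; IPACCESSLOGNP has none.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGN?P: list (?P<acl>\S+) denied (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?, (?P<count>\d+) packets?"
)


def summarize_denies(log_text):
    """Total denied packets per (proto, src, dst, kind, service_port).

    kind is 'return' when only the source port is a known service port
    (the reply half of a session opened from the protected side),
    'inbound' when the destination port is one, and 'other' otherwise.
    """
    totals = Counter()
    for m in LINE_RE.finditer(log_text):
        sport = int(m["sport"]) if m["sport"] else None
        dport = int(m["dport"]) if m["dport"] else None
        if dport in SERVICE_PORTS:
            kind, port = "inbound", dport
        elif sport in SERVICE_PORTS:
            kind, port = "return", sport
        else:
            kind, port = "other", None
        totals[(m["proto"], m["src"], m["dst"], kind, port)] += int(m["count"])
    return totals


if __name__ == "__main__":
    for key, packets in summarize_denies(SAMPLE_LOG).most_common():
        print(packets, *key)
```

Flows tagged 'return' are not matched by a `permit tcp any any eq <port>` entry, because that form tests the destination port only.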