From: Joshua W. Watkins (josh@xxxxxxxxxxx)
Date: Sat Mar 11 2000 - 14:34:14 GMT-3
When DLSW peers establish, they don't connect from 2065 to 2065. They
use a higher port number to connect up on, i.e. 11000. You need to
allow this port through your ACL as well. Check it out.
R5 --(DLSW peers)-- R5
r4#sh tcp brief
TCB       Local Address        Foreign Address      (state)
001B99C0  10.4.255.1.2065      10.5.255.1.11000     ESTAB

r5#sh tcp brief
TCB       Local Address        Foreign Address      (state)
0029A510  10.5.255.1.11000     10.4.255.1.2065      ESTAB

Notice the routers using port 11,000.
> Hi.
>
> R1--(serial)----R2 ----(serial)--- R3
>
> In R2, I applied an access-list to only permit TCP eq 23. Now I
> am trying to permit DLSW as well.
>
> I have configured a DLSW peer between R1 and R3.
>
> In R2, I have put
>
> access-list 101 permit tcp any any eq 2065
> access-list 101 permit tcp any any eq 1981
> access-list 101 permit tcp any any eq 1982
> access-list 101 permit tcp any any eq 1983
> access-list 101 permit tcp any any eq telnet
>
>
> With # show dlsw peer I can clearly see that DLSW State is going
> from WAIT to DISC again and again. When I remove access-list it
> changes to CONNECT
>
> Any clue?
>
> Khurram.
>
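
Added example (not part of the original thread): a small Python model of ACL 101 from the quoted message, evaluated against both directions of the session shown in the `sh tcp brief` output. It assumes the ACL is applied where it sees the packets sourced from port 2065; the extra `permit tcp any eq 2065 any` line is one assumed way to admit them, and `parse`, `evaluate` and `check` are hypothetical helper names.

```python
import re

PORT_NAMES = {"telnet": 23}  # IOS port keyword used in the quoted ACL

# Handles only the rule shape seen in the thread: tcp, any/any, optional "eq".
RULE = re.compile(
    r"access-list \d+ (permit|deny) tcp any(?: eq (\S+))? any(?: eq (\S+))?$")

def _port(token):
    return None if token is None else int(PORT_NAMES.get(token, token))

def parse(acl_text):
    """Return a list of (action, src_port, dst_port); None means any port."""
    rules = []
    for line in acl_text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        rules.append((m.group(1), _port(m.group(2)), _port(m.group(3))))
    return rules

def evaluate(rules, src_port, dst_port):
    """First match wins; anything unmatched hits the implicit deny."""
    for action, sport, dport in rules:
        if sport in (None, src_port) and dport in (None, dst_port):
            return action
    return "deny"

# ACL 101 exactly as quoted in the thread.
ORIGINAL_ACL = """
access-list 101 permit tcp any any eq 2065
access-list 101 permit tcp any any eq 1981
access-list 101 permit tcp any any eq 1982
access-list 101 permit tcp any any eq 1983
access-list 101 permit tcp any any eq telnet
"""
# Assumed fix: match the peer's replies by SOURCE port 2065, so the rule does
# not depend on the high port (11000 in this one session) chosen by the opener.
FIXED_ACL = ORIGINAL_ACL + "access-list 101 permit tcp any eq 2065 any\n"

# Both directions of the session from "sh tcp brief": (source port, dest port).
FLOWS = {"r5 -> r4": (11000, 2065), "r4 -> r5": (2065, 11000)}

def check(acl_text):
    rules = parse(acl_text)
    return {name: evaluate(rules, *ports) for name, ports in FLOWS.items()}

if __name__ == "__main__":
    print("original:", check(ORIGINAL_ACL))
    print("fixed:   ", check(FIXED_ACL))
```

With the original list, only the direction whose destination port is 2065 is permitted; the replies fall through to the implicit deny, which fits the WAIT/DISC flapping described in the quoted message.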