From: Mahmud, Yasser (YMahmud@Solutions.UK.ATT.com)
Date: Sun Dec 29 2002 - 16:56:38 GMT-3
Hi,
I would have used the below, as it avoids confusion with source ports.
permit tcp any any eq 2065
permit tcp any eq 2065 any
Yasser
> -----Original Message-----
> From: Scott Morris [SMTP:swm@emanon.com]
> Sent: Sunday, December 29, 2002 2:33 PM
> To: 'kym blair'; fadiltakipte@hotmail.com; ccielab@groupstudy.com
> Subject: RE: Filtering DLSw+ TCP Session
>
> H.245 in voice uses TCP/11000-11999 for the features/exchange stuff.
>
> However, if I recall, tcp/11000 is also the starting point for source
> port in dlsw transactions. Normally, a source port is anything over
> 1024 (the ephemeral ports), but for whatever reason, dlsw likes starting
> at 11000.
>
> So putting it in your access list will allow the circuit either
> direction to be formed.
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> kym blair
> Sent: Sunday, December 29, 2002 3:46 AM
> To: fadiltakipte@hotmail.com; swm@emanon.com; ccielab@groupstudy.com
> Subject: Re: Filtering DLSw+ TCP Session
>
>
> You're right, UDP 11000-11999 are used for voice.
>
> >From: "Fadiltakipte" <fadiltakipte@hotmail.com>
> >Reply-To: "Fadiltakipte" <fadiltakipte@hotmail.com>
> >To: "Scott Morris" <swm@emanon.com>, <ccielab@groupstudy.com>
> >Subject: Re: Filtering DLSw+ TCP Session
> >Date: Sat, 28 Dec 2002 22:03:05 -0800
> >
> >Hi,
> >
> >Why did you use the permit tcp any any ge 11000?
> >As far as I know, filtering TCP 2065 suffices for high priority DLSW. I have
> >seen filtering of TCP ge 11000 also for voice configurations. Can
> >anybody please inform me what these ports are used for?
> >
> >Thanks
> >
> >----- Original Message -----
> >From: "Scott Morris" <swm@emanon.com>
> >To: "'Jay Greenberg'" <groupstudylist@execulink.com>;
> ><ccielab@groupstudy.com>
> >Sent: Saturday, December 28, 2002 7:11 AM
> >Subject: RE: Filtering DLSw+ TCP Session
> >
> >
> > > If you're using priority, you'll also have 1981, 1982 and 1983 as
> > > destination ports. And I think there's something about udp
> > > connections as well, though I don't have a list of ports for that
> > > (dlsw udp-disable turns off as I recall).
> > >
> > > HTH,
> > >
> > > Scott
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jay Greenberg
> > > Sent: Saturday, December 28, 2002 12:38 AM
> > > To: ccielab@groupstudy.com
> > > Subject: Filtering DLSw+ TCP Session
> > >
> > >
> > > Any idea how to explicitly allow a DLSw+ TCP session through an ACL?
> > > On a recent practice lab, I used:
> > >
> > > permit tcp any any eq 2065
> > > permit tcp any any ge 11000
> > >
> > > which worked, however I wonder if there is a more practical / direct
> > > way of doing this. . .
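Added example (not part of the original thread or any poster's code): a minimal first-match evaluator that runs the two ACLs quoted above against constructed TCP packets, to show which traffic each one lets through. It assumes the ACL sees both directions of the session, handles only the entry forms quoted in this thread, and uses hypothetical names (JAY_ACL, YASSER_ACL, evaluate, compare).

```python
# Added example: first-match evaluation of the two ACLs from this thread.
# Only "permit|deny tcp any [eq|ge N] any [eq|ge N]" entries are supported.
import re

JAY_ACL = ["permit tcp any any eq 2065", "permit tcp any any ge 11000"]
YASSER_ACL = ["permit tcp any any eq 2065", "permit tcp any eq 2065 any"]

ENTRY = re.compile(
    r"^(permit|deny) tcp any(?: (eq|ge) (\d+))? any(?: (eq|ge) (\d+))?$")

def port_ok(op, value, port):
    """True when the port satisfies the operator (no operator = any port)."""
    if op is None:
        return True
    return port == int(value) if op == "eq" else port >= int(value)

def evaluate(acl, sport, dport):
    """Return 'permit' or 'deny'; falls through to the implicit deny."""
    for line in acl:
        m = ENTRY.match(line)
        if m is None:
            raise ValueError(f"unsupported entry: {line}")
        action, s_op, s_val, d_op, d_val = m.groups()
        if port_ok(s_op, s_val, sport) and port_ok(d_op, d_val, dport):
            return action
    return "deny"

# Constructed sample packets: (source port, destination port)
PACKETS = {
    "peer -> 2065, src 11000": (11000, 2065),
    "reply 2065 -> 11000": (2065, 11000),
    "reply 2065 -> 1030 (low source port)": (2065, 1030),
    "unrelated 40000 -> 11500": (40000, 11500),
}

def compare():
    """Map each sample packet to (result under JAY_ACL, result under YASSER_ACL)."""
    return {name: (evaluate(JAY_ACL, s, d), evaluate(YASSER_ACL, s, d))
            for name, (s, d) in PACKETS.items()}

if __name__ == "__main__":
    for name, (jay, yasser) in compare().items():
        print(f"{name:38} ge-11000 ACL={jay:6} eq-2065 ACL={yasser}")
```

The `ge 11000` entry permits any TCP traffic to a high destination port and still drops the reply when the peer's source port is below 11000; matching on 2065 as source or destination permits only the DLSw session.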
This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:54 GMT-3