
dlsw prob

rpalacio
Level 1

Present setup: The router with the DLSW configuration is attached to a layer 2 switch, as are the firewall and the core switch. The router Ethernet interface is configured to talk to the outside interface of the firewall. The inside of the firewall is configured to talk to the core switch. There is another connection on the switch, which is the DMZ of the firewall. The DMZ of the firewall is configured to talk to the other router at the remote site, where DLSW is configured too. I have an SNA server running on Windows 2000 configured on my network. With the present setup my DLSW is working fine; I can access the mainframe server located at the remote site. Now, when I connected the router with a cross cable to the outside interface of the firewall and the inside interface to the core switch, my DLSW is not working. Can anyone help me with this issue? I read the PIX advanced book, which states that when configuring a failover, the LAN should be connected through the switch and not just a cross cable. I don't know if this applies to my current scenario with DLSW on the network.


vcjones
Level 5

It is unclear to me what your configuration really looks like, but DLSw and firewall failover are unrelated issues.

If you are running DLSw through the firewall and the firewall is doing NAT, the most probable problem is that the NAT is reversing the comparison of IP addresses that DLSw depends on for connection setup.

You want to make sure, when connecting two DLSw peers through one or more network address translations, that both peer DLSw routers agree on which router has the numerically higher IP address; otherwise the DLSw connection setup will fail.

There is a discussion of setting up DLSw through firewalls (including how to do so with redundant connectivity) in my book "High Availability Networking with Cisco."

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com
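
The address comparison described in the reply above, as an added example that is not part of the original thread: a small check that takes each router's view of its own and its peer's address and reports whether both sides agree on which peer is numerically higher. It assumes each router compares its own local peer address with the remote peer address it is configured with; the names `PeerView`, `higher_side`, `peers_agree` and `audit` are hypothetical, and every address is a constructed sample.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class PeerView:
    """Addresses as one DLSw router sees them (constructed sample data)."""
    name: str
    local_peer: str   # address this router presents as its own peer address
    remote_peer: str  # address this router uses for the other peer (post-NAT)

def higher_side(view: PeerView) -> str:
    """Which end this router believes has the numerically higher address."""
    local = ipaddress.IPv4Address(view.local_peer)
    remote = ipaddress.IPv4Address(view.remote_peer)
    if local == remote:
        raise ValueError(f"{view.name}: local and remote peer are identical")
    # Compare as 32-bit integers, not as strings ("9.x" > "10.x" as text).
    return "local" if int(local) > int(remote) else "remote"

def peers_agree(a: PeerView, b: PeerView) -> bool:
    """Agreement means one router says 'local' and the other says 'remote'."""
    return higher_side(a) != higher_side(b)

def audit(a: PeerView, b: PeerView) -> str:
    if peers_agree(a, b):
        winner = a.name if higher_side(a) == "local" else b.name
        return f"OK: both routers treat {winner} as the higher peer"
    return (f"MISMATCH: {a.name} sees {higher_side(a)} as higher, "
            f"{b.name} sees {higher_side(b)} as higher; fix the NAT mapping")

# Constructed scenarios (RFC 5737 documentation ranges and RFC 1918 space).
NO_NAT = (PeerView("site-a", "10.1.1.1", "10.2.2.2"),
          PeerView("site-b", "10.2.2.2", "10.1.1.1"))
# site-a is hidden behind a static NAT that maps it to 203.0.113.10.
BAD_NAT = (PeerView("site-a", "10.1.1.1", "192.0.2.20"),
           PeerView("site-b", "192.0.2.20", "203.0.113.10"))
# Same topology, but the translated address is chosen below site-b's address.
GOOD_NAT = (PeerView("site-a", "10.1.1.1", "192.0.2.20"),
            PeerView("site-b", "192.0.2.20", "192.0.2.10"))

if __name__ == "__main__":
    for label, pair in (("no NAT", NO_NAT), ("bad NAT", BAD_NAT), ("good NAT", GOOD_NAT)):
        print(f"{label}: {audit(*pair)}")
```
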

Hi,

I am attaching the rough drawing.

Thanks a lot for the help.

Why do so many people assume that everyone is on the Microsoft licensing bandwagon? I would be glad to take a look at this, but before I can I would need you to provide me with a legally licensed copy of the version of Visio used to create it.

FWIW: Visio 2000 claims that

1 - this is a Visio 2000 file, and

2 - I need to upgrade to open this file.

Side comment: the free Visio viewer available from Microsoft only works in Internet Explorer running under Windows, and even then does such a poor job of rendering I uninstalled it immediately.

Vincent C Jones

www.networkingunlimited.com

Hi,

Sorry about that. I am now attaching the same in JPEG format.

Thanks a lot.

You only show one DLSw box; I'm assuming the other is out at the remote site (as shown in the attached). If this is the case, the problem is a simple one:

DLSw is a remote bridging technology, and the communications between the DLSw peer and the SNA host occur at the link layer. The communications between the local DLSw peer and the SNA server are going through the local switch and not through the PIX.

The PIX works at layer three, and will not support SNA LLC2 (link layer) connectivity. To protect your systems, you need to move the local DLSw peer to the inside of the PIX so that the DLSw peer and the SNA server are on the same physical and logical LAN.

See my original reply for comments on problems to avoid when running DLSw through a firewall.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com

Thank you very much for your help man.

Cheers.

Ciao!