We had a very interesting issue with one of our 2811 router. We have Checkpoint firewalls at some of our locations and they all send messages back to the management station using TCP port 257. At our Chinese location at March 10th around 10:30PM, our time, the router stoppend sending traffic on port 257, all other traffic seemed to be normal. We put the same access-list, fuctionality wise, on FA0/0 in and on S0/0/0:1 out. We could see the hits on FA0/0 but not on S0/0/0:1. After rebooting the router the problem went away, for now. I opened a ticket with Cisco, but I did not get too far. Did anyone see anything like this before?

Here are the access-lists:

ip access-list extended Log-Testing

permit tcp host 172.28.228.243 host 161.195.160.147 eq 257 log

permit tcp host 172.28.228.242 host 161.195.160.147 eq 257 log

permit tcp any host 161.195.160.147 eq 257 log

permit tcp any any eq 257 log

permit ip any any

ip access-list extended Log-Testing2

permit tcp host 172.28.228.243 host 161.195.160.147 eq 257 log

permit tcp host 172.28.228.242 host 161.195.160.147 eq 257 log

permit tcp any host 161.195.160.147 eq 257 log

permit tcp any any eq 257 log

permit ip any any

!

And here are the interface configurations:

interface Serial0/0/0:1

description MPLS

bandwidth 2048

ip address XXX.XXX.XXX.XXX 255.255.255.252

ip access-group Log-Testing out

ip verify unicast reverse-path

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

service-policy output XXXXXXXX

!

interface FastEthernet0/0

ip address XXX.XXX.XXX.XXX 255.255.255.248

ip access-group Log-Testing2 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip virtual-reassembly

ip route-cache flow

no ip mroute-cache

duplex full

speed 100

no mop enabled

!

Thanks