04-03-2007 06:08 AM - edited 02-21-2020 02:57 PM
Hi all, I have inherited a network using DLSw and have limited experience. Previously all the traffic has been via TCP/2065 on Point to Point WAN or MPLS links through a PIX firewall. We have just started to test passing DLSw over IPSec VPN tunnels to a 3030 concentrator. In order for the peers to activate we have had to enable TCP/2067 on the PIX in addition to TCP/2065.
I have read a little about DLSw+ and RFC 2166, but nothing is jumping out at me as to why the DLSw peers connect fine over the MPLS links through the PIX on TCP/2065, but when passing through the VPN tunnel to the PIX, TCP/2067 needs enabling.
Has anyone else had this issue, or does anyone know what is causing it?
Thanks.
Ian.
04-09-2007 05:52 AM
In the sample configuration in this document, there are two routers with data-link switching (DLSw) peers set up between their loopback interfaces. All DLSw traffic is encrypted between them. This configuration works for any self-generated traffic the router transmits.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f71.shtml
05-22-2007 01:37 AM
Thanks for the reply, didyap. However, it's not the actual configuration of DLSw that is causing us problems. It's just the knowledge needed as to why opening TCP/2067 is required on a VPN connection through our PIX f/w but not on a normal MPLS connection going through the same f/w.