DLSw via VPN.

Unanswered Question
Apr 3rd, 2007
User Badges:

Hi all, I have inherited a network using DLSw and have limited experience. Previously all the traffic has been via TCP/2065 on Point to Point WAN or MPLS links through a PIX firewall. We have just started to test passing DLSw over IPSec VPN tunnels to a 3030 concentrator. In order for the peers to activate we have had to enable TCP/2067 on the PIX in addition to TCP/2065.


I have read a little about DLSw+ and rfc2166 but nothing is jumping out at me why the DLSw peers connect fine over the MPLS links through the PIX on tcp/2065 but when passing through the VPN tunnel to the PIX then TCP/2067 needs enabling.


Has anyone else had this issue/knows what is causing it?


Thanks.

Ian.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
didyap Mon, 04/09/2007 - 05:52
User Badges:
  • Silver, 250 points or more

In the sample configuration in this document, there are two routers with data-link switching (DLSw) peers set up between their loopback interfaces. All DLSw traffic is encrypted between them. This configuration works for any self-generated traffic the router transmits.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f71.shtml


i.parsons Tue, 05/22/2007 - 01:37
User Badges:

Thanks for the reply didyap, however, its not that actually configuration of DLSw that is causing us problems. It's just the knowledge needed as to why opening tcp/2067 is required on a vpn connection through our pix f/w but not on a normal MPLS connection going through the same f/w.

Actions

This Discussion