DLSw via VPN.

ukcomms
Level 1

Hi all, I have inherited a network using DLSw and have limited experience. Previously all the traffic has been via TCP/2065 on Point to Point WAN or MPLS links through a PIX firewall. We have just started to test passing DLSw over IPSec VPN tunnels to a 3030 concentrator. In order for the peers to activate we have had to enable TCP/2067 on the PIX in addition to TCP/2065.

I have read a little about DLSw+ and RFC 2166, but nothing is jumping out at me as to why the DLSw peers connect fine over the MPLS links through the PIX on TCP/2065, but when passing through the VPN tunnel to the PIX, TCP/2067 needs enabling.

Has anyone else had this issue or know what is causing it?

Thanks.

Ian.

2 Replies

didyap
Level 6

In the sample configuration in this document, there are two routers with data-link switching (DLSw) peers set up between their loopback interfaces. All DLSw traffic is encrypted between them. This configuration works for any self-generated traffic the router transmits.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f71.shtml

Thanks for the reply didyap; however, it's not the actual configuration of DLSw that is causing us problems. It's just the knowledge needed as to why opening TCP/2067 is required on a VPN connection through our PIX f/w but not on a normal MPLS connection going through the same f/w.
