Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

allow msn messenger through cisco router

Unanswered Question
Jul 14th, 2008
User Badges:

My configuration:

internet - linux router - (acl 104, in)cisco router(acl 102 in)

-acl 102 is for originating traffic for and acl 104 is for returning traffic.

router has:

- (linux - internet)

- (cisco - linux - internet)

- (cisco - linux - internet)

I know that msn works with 1863 tcp port, but to be sure I permitet all IP traffic.

For, I have a VPN IPSEC, esp with nat overload built. acl 106 is (access-list 106 permit ip VPN-peer)

For, I have also acl 102 (access-list 102 permit ip any any) and for returning traffic acl 104 (access-list 104 permit ip any any)

The linux router is just forwording everything that comes from cisco, both directions.

tcpdump -i eth0 | grep 1863:

11:45:51.363235 IP > S 1454326243:1454326243(0) win 65535 <mss 1460,nop,nop,sackOK>

11:45:51.549590 IP > S 1352546280:1352546280(0) ack 1454326244 win 16384 <mss 1460,nop,nop,sackOK>

11:45:51.550343 IP > . ack 1 win 65535

11:45:51.551922 IP > P 1:28(27) ack 1 win 65535

11:45:51.737816 IP > P 1:28(27) ack 28 win 65508

11:45:51.739330 IP > R 1454326271:1454326271(0) win 65508

The VPN is working fine. Only this msn traffic is not working. The subnet which is going drirectly through linux server(not through cisco router) is working fine with msn.

Msn is not working only for the which is going through cisco, then through linux.

I hope u understand the topology.

What is the R (reset) from the last line fron tcpdump output means?

I don't know where to look anymore?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Spinu Viorel Mon, 07/14/2008 - 02:52
User Badges:

I did a search on Internet and I found this information:

Cisco IOS Firewall Instant Messenger Support Restriction

Cisco IOS firewall supports only the following versions of each Instant Messenger (IM) application:

"Yahoo Messenger supported versions:,,, and

"MSN supported versions: 6.2.0205 and 7.0.0816

"AOL supported version: 5.9.3702

Note All other IM version connections will be reset.

I have MSN I tried to install 7.0.0816 but it says that a newer version is available and if I want to continue I have to install it (the newer version). So I guess this means I can't use MSN with cisco router(I forgot: I have cisco 1812, IOS Version 12.3(8r)YH8)

Can anybody confirm this information?

I thought my problem comes from acl,vpn configuration, but it seems is a aplication version problem!

cisco24x7 Mon, 07/14/2008 - 03:13
User Badges:
  • Silver, 250 points or more


LAN network is

Internet is

C2621 has an IP of on the LAN side

and on the Internet

interface F0/1

ip address

ip nat inside

interface F0/0

ip address

ip nat outside

access-list 100 permit ip any

ip nat inside source list 100 interface F0/0 overload

I have a host on a LAN side with Microsoft

MSN version 8.1 and it is working fine.

Furthermore, I am using IOS version 12.3(12)19

with CBAC.

cisco24x7 Tue, 07/15/2008 - 03:29
User Badges:
  • Silver, 250 points or more

I have this:

ip inspect name CBAC tcp alert on audit-trail on timeout 43200

ip inspect name CBAC udp alert on audit-trail on timeout 43200

ip inspect name CBAC icmp alert on audit-trail on

ip inspect name CBAC http alert on audit-trail on

ip inspect name CBAC smtp alert on audit-trail on

interface f0/0

ip inspect CBAC out

ip access-group black_hole in

ip access-list extended black_hole

deny ip any any log


This Discussion