10-08-2002 05:44 PM - edited 03-02-2019 01:56 AM
We run Dial on Demand to manage our ISDN services (for the cost saving benefits).
We've recently installed some Windows XP PC's to the remote sites. These are keeping the links open out of hours. Anyone have any ideas which ports I can deny to keep the links down.
Here's an example of one of my access-lists.
access-list 131 permit tcp any any eq telnet
access-list 131 permit tcp any any eq 1494 (Citrix)
access-list 131 permit tcp any any eq 1604 (Citrix)
access-list 131 deny tcp any eq lpd any
access-list 131 deny ip any host 0.0.0.255
access-list 131 deny ip any host 255.255.255.255
access-list 131 deny eigrp any any
access-list 131 deny udp any any
access-list 131 deny icmp any any
access-list 131 permit ip any any
10-08-2002 08:26 PM
Are you sure, that its the Windows XP PCs which are creating the problem??
Because, for domain browsing, netbios uses udp 136, 137 etc, which have been denied by the statement "access-list 131 deny udp any any " . Was this behaviour noticed, before installing the XP PCs.
10-08-2002 08:28 PM
When we just had Windows 98 Pc's out in remote sites we didn't have a problem.
We also recently installed Active Directory at the main office. I'm trying to work out what traffic is keeping the links up.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: