DLSW thru a 515 pix firewall

We have a firewall in between our remote support office and where the AS/400's are. I believe I have everything configured correctly. I have the dlsw peers up, but cannot get the dlsw circuits established.

On the f/wall I am seeing this message.

500004: Invalid transport field for protocol=17, from 10.192.107.251/0 to 172.31.1.50/2067

The 10.192 is on the inside of the f/wall and the 172.31 is on the outside. Can you shed any light???

tks

Ann Marie

4 REPLIES

Re: DLSW thru a 515 pix firewall

What version of PIX are you running? Bug CSCdk77341 affected dlsw thru PIX until version 4.2(4).

Also look at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/ibm_c/bcprt2/bcdlsw.htm#xtocid2434628

Hope it helps.

Steve

Re: DLSW thru a 515 pix firewall

For my second point see bug CSCdt49040.

DESCRIPTION:

The PIX will not allow UDP packets through it with a source port of 0 (zero).

EXAMPLE:

If a packet is sent through the PIX with a source port of 0, the PIX will drop the packet and generate a syslog message similar to the following:

PIX-4-500004: Invalid transport field for protocol=17, from 10.34.2.15/0 to 192.168.1.6/514

The two cases we have seen on this are as follows:

1) DLSW CUR (Can you reach) packets use a source port of 0.

2) Some syslog clients use UDP source port 0 when sending messages to the syslog server.

WORKAROUND:

1) Enter the following command in the global config to disable the use of UDP between the DLSW peers:

"dlsw udp-disable"

2) There is no workaround at this time. The draft RFC for syslog suggests using a UDP source port of 514.

FIX:

This bug is fixed in PIX releases 5.3(2), 6.0(1) and higher.

It will also be in PIX 5.2(7) when it comes out.
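To check how many peers are hitting the source-port-0 drop described above before changing anything, the 500004 messages can be pulled out of the firewall's syslog and grouped by peer pair. This is an added example, not part of the original posts and not Cisco code; the function names are hypothetical and only the first two sample lines come from the thread.

```python
import re
from collections import Counter

# Message body as shown in this thread; the "PIX-4-" / "%PIX-4-" prefix is optional.
MSG_500004 = re.compile(
    r"(?:%?PIX-\d-)?500004: Invalid transport field for protocol=(?P<proto>\d+), "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+) "
    r"to (?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<dport>\d+)"
)
UDP = 17
# Destination ports taken from the two log lines quoted in the thread.
PORT_LABELS = {2067: "DLSw", 514: "syslog"}

def parse_500004(line):
    """Return the fields of a 500004 message, or None for any other line."""
    m = MSG_500004.search(line)
    if m is None:
        return None
    rec = {k: m[k] for k in ("src", "dst")}
    rec.update({k: int(m[k]) for k in ("proto", "sport", "dport")})
    return rec

def zero_source_port_drops(lines):
    """Count dropped UDP packets with source port 0 per (src, dst, dport)."""
    hits = Counter()
    for line in lines:
        rec = parse_500004(line)
        if rec and rec["proto"] == UDP and rec["sport"] == 0:
            hits[(rec["src"], rec["dst"], rec["dport"])] += 1
    return hits

def report(hits):
    """One summary row per peer pair, most frequent first."""
    return [f"{n}x {src}/0 -> {dst}/{dport} [{PORT_LABELS.get(dport, 'other')}]"
            for (src, dst, dport), n in hits.most_common()]

# First two lines are the messages quoted in the thread; the rest are constructed.
SAMPLE = [
    "500004: Invalid transport field for protocol=17, from 10.192.107.251/0 to 172.31.1.50/2067",
    "PIX-4-500004: Invalid transport field for protocol=17, from 10.34.2.15/0 to 192.168.1.6/514",
    "Mar 01 10:00:02 fw1 %PIX-4-500004: Invalid transport field for protocol=17, from 10.192.107.251/0 to 172.31.1.50/2067",
    "%PIX-4-500004: Invalid transport field for protocol=17, from 10.1.1.1/1025 to 10.2.2.2/0",
    "%PIX-4-500004: Invalid transport field for protocol=6, from 10.1.1.1/0 to 10.2.2.2/80",
    "Mar 01 10:00:03 fw1 some unrelated message",
]

if __name__ == "__main__":
    for row in report(zero_source_port_drops(SAMPLE)):
        print(row)
```

Rows that keep appearing after the upgrade to a fixed release point to a different cause than the source-port-0 check.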

Re: DLSW thru a 515 pix firewall

F/wall is at version 5.3(1) so I will upgrade first. I am a little concerned with the workaround since I have 150 sites connecting to the router where the AS/400 is.

tks

Ann Marie

Re: DLSW thru a 515 pix firewall

Upgrading the firewall worked.

tks
