Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
784
Views
0
Helpful
4
Replies

DLSW thru a 515 pix firewall

bellefontainea
Level 1
Level 1

‎09-16-2002 08:52 AM - edited ‎02-20-2020 10:15 PM

We have a firewall inbetween our remote support office and where the AS/400's are. I believe I have everything configured correctly. I have the dlsw peers up , but cannot get the dlsw circuits established.

On the f/wall I am seeing this message.

500004: Invalid transport field for protocol=17, from 10.192.107.251/0 to 172.31.1.50/2067

the 10.192 is on the inside of the f/wall land the 172.31 is on the outside. Can you shed any light???

tks

Ann Marie

0 Helpful
4 Replies 4

steve.barlow
Level 7
Level 7

‎09-16-2002 01:21 PM

What version of PIX are you running? Bug CSCdk77341 affected dlsw thru PIX until version 4.2(4).

Also look at :http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/ibm_c/bcprt2/bcdlsw.htm#xtocid2434628

Hope it helps.

Steve

0 Helpful

steve.barlow
Level 7
Level 7
In response to steve.barlow

‎09-16-2002 04:14 PM

For my second point see bug CSCdt49040.

DESCRIPTION:

The PIX will not allow UDP packets through it with with a source port of

0 (zero).

EXAMPLE:

If a packet is sent through the PIX with a source port of 0, the PIX will

drop the packet and generate a syslog message similar to the following:

PIX-4-500004: Invalid transport field for protocol=17, from 10.34.2.15/0 to 192.168.1.6/514

The two cases we have seen on this are as follows:

1) DLSW CUR (Can you reach) packets use a source port of 0.

2) Some syslog clients use UDP source port 0 when sending messages to the syslog server.

WORKAROUND:

1) Enter the following command in the global config to disable the use

of UDP between the DLSW peers:

"dlsw udp-disable"

2) There is no workaround at this time. The draft RFC for syslog suggest

using a UDP source port of 514.

FIX:

This bug is fixed in PIX releases 5.3(2), 6.0(1) and higher.

It will also be in PIX 5.2(7) when it comes out.

0 Helpful

bellefontainea
Level 1
Level 1
In response to steve.barlow

‎09-17-2002 05:16 AM

F/wall is at version 5.3(1) so I will upgrade first , I am a little concerned with the work around since I have 150 sites connecting to the router where the AS/400 is .

tks

Ann Marie

0 Helpful

bellefontainea
Level 1
Level 1

‎09-23-2002 04:01 AM

Upgrading the firewall worked.

tks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card