Hi all, I have inherited a network using DLSw and have limited experience. Previously all the traffic has been via TCP/2065 on Point to Point WAN or MPLS links through a PIX firewall. We have just started to test passing DLSw over IPSec VPN tunnels to a 3030 concentrator. In order for the peers to activate we have had to enable TCP/2067 on the PIX in addition to TCP/2065.
I have read a little about DLSw+ and rfc2166 but nothing is jumping out at me why the DLSw peers connect fine over the MPLS links through the PIX on tcp/2065 but when passing through the VPN tunnel to the PIX then TCP/2067 needs enabling.
Has anyone else had this issue/knows what is causing it?
In the sample configuration in this document, there are two routers with data-link switching (DLSw) peers set up between their loopback interfaces. All DLSw traffic is encrypted between them. This configuration works for any self-generated traffic the router transmits.
Thanks for the reply didyap, however, its not that actually configuration of DLSw that is causing us problems. It's just the knowledge needed as to why opening tcp/2067 is required on a vpn connection through our pix f/w but not on a normal MPLS connection going through the same f/w.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :