[nsp] Access-list question
Hudson Delbert J Contr 61 CS/SCBN
Delbert.Hudson at LOSANGELES.AF.MIL
Mon Oct 27 15:15:02 EST 2003
kevin,
kwik refs...
http://www.iana.org/assignments/port-numbers
http://www.iana.org/assignments/protocol-numbers
hope ya' find these url's usefull.
~v/r
Del Hudson
61CS/SCBN - LAAFB NCC
Network Architecture & Engineering Group
delbert.hudson at losangeles.af.mil
-----Original Message-----
From: Kevin [mailto:kevin at honeycomb.net]
Sent: Monday, October 27, 2003 12:03 PM
To: cisco-nsp at puck.nether.net
Subject: RE: [nsp] Access-list question
Thanks all for quick response :)
Kevin,
-----Original Message-----
From: Mark Persiko [mailto:mark.persiko at bvsd.k12.co.us]
Sent: Monday, October 27, 2003 1:59 PM
To: kevin at honeycomb.net
Cc: cisco-nsp at puck.nether.net
Subject: RE: [nsp] Access-list question
The IP # "50" is neither TCP nor UDP, but it's a different Layer-4
protocol (called ESP = "Encapsulation Security Payload.)
As a result, the access-list would be:
! ISAKMP
access-list 131 permit udp any any eq 500
! ESP
access-list 131 permit esp any any
Thanks,
Mark
- Mark C. Persiko, Network Engineer
- IT Division, Boulder Valley School District
-----Original Message-----
From: Kevin [mailto:kevin at honeycomb.net]
Sent: Monday, October 27, 2003 12:51 PM
To: cisco-nsp at puck.nether.net
Subject: [nsp] Access-list question
Does anyone know how allow ipsec through an accesslist?
I know ipsec uses port 500 UDP and port 50 IP?
Would it be?:
access-list 131 permit udp any any eq 500
access-list 131 permit tcp any any eq 50
access-list 131 permit udp any any eq 50
Kevin,
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list