[nsp] Access-list question

[Hudson Delbert J Contr 61 CS/SCBN]

kevin,

kwik refs...

http://www.iana.org/assignments/port-numbers

http://www.iana.org/assignments/protocol-numbers

hope ya' find these url's usefull.

~v/r
Del Hudson
61CS/SCBN - LAAFB NCC
Network Architecture & Engineering Group
delbert.hudson at losangeles.af.mil



-----Original Message-----
From: Kevin [mailto:kevin at honeycomb.net]
Sent: Monday, October 27, 2003 12:03 PM
To: cisco-nsp at puck.nether.net
Subject: RE: [nsp] Access-list question


Thanks all for quick response :)


Kevin,

-----Original Message-----
From: Mark Persiko [mailto:mark.persiko at bvsd.k12.co.us] 
Sent: Monday, October 27, 2003 1:59 PM
To: kevin at honeycomb.net
Cc: cisco-nsp at puck.nether.net
Subject: RE: [nsp] Access-list question


The IP # "50" is neither TCP nor UDP, but it's a different Layer-4
protocol (called ESP = "Encapsulation Security Payload.)

As a result, the access-list would be:

! ISAKMP
access-list 131 permit udp any any eq 500
! ESP
access-list 131 permit esp any any

Thanks,
 Mark

- Mark C. Persiko, Network Engineer
- IT Division, Boulder Valley School District



-----Original Message-----
From: Kevin [mailto:kevin at honeycomb.net] 
Sent: Monday, October 27, 2003 12:51 PM
To: cisco-nsp at puck.nether.net
Subject: [nsp] Access-list question


Does anyone know how allow ipsec through an accesslist?
I know ipsec uses port 500 UDP and port 50 IP?

Would it be?:
access-list 131 permit udp any any eq 500
access-list 131 permit tcp any any eq 50
access-list 131 permit udp any any eq 50

Kevin,




_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/






_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/