ISAKMP and GDOI don't register as open ports. Use "show control-plane host
open-ports" to see the ports that will be excluded from a "match closed-ports".
You need to use a match-all class map and 'match not gdoi' or 'match not
isakmp' when trying to drop closed ports with a class map.
-----Original Message-----
From: Mark Senteza [[email protected]]
Received: Friday, 20 May 2011, 5:00pm
To: Kingsley Charles [[email protected]]
CC: [email protected] [[email protected]]
Subject: Re: [OSL | CCIE_Security] Yusuf Bhaiji LAB 2 - Section 6.1
I'd have also thought that the control plane would recognize UDP 848 as an open
port, prior to you having to configure the port filtering.
When you run "show control-plane host open-ports", does UDP 848 appear in the
listed ports?
Mark
On Fri, May 20, 2011 at 1:15 AM, Kingsley Charles <[email protected]> wrote:
I don't think so, it is a bug.
You should configure "match not udp port 500" to be on the safer side because,
even after successful VPN connections, I don't see UDP 500 as an open port in
"sh control-plane host open-ports".
class-map type port-filter match-all pf
 match closed-ports
 match not port udp 500
With regards
Kings
On Fri, May 20, 2011 at 12:46 PM, Louis van Zyl - Business Connexion <[email protected]> wrote:
I have seen exactly the same thing, somehow it doesn’t realize the port as
open. In another lab I also had to do the same with UDP/500. My guess is that
it must be a bug in the specific IOS version.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com