There are many ports that don't appear in the list when you enable the services. What is there is limited, so make sure you account for anything else with match not.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.

From: [email protected] On Behalf Of Mark Senteza
Sent: Friday, May 20, 2011 4:41 PM
To: Kingsley Charles
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Yusuf Bhaiji LAB 2 - Section 6.1

I'd have also thought that the control plane would recognize UDP 848 as an open port, prior to you having to configure the port filtering. When you run "show control-plane host open-ports", does UDP 848 appear in the listed ports?

Mark

On Fri, May 20, 2011 at 1:15 AM, Kingsley Charles <[email protected]> wrote:

I don't think so, it is a bug. You should configure "match not udp port 500" on the safer side because, even after successful VPN connections, I don't see UDP 500 as an open port in "sh control-plane host open-ports".

    class-map type port-filter match-all pf
     match closed-ports
     match not port udp 500

With regards
Kings

On Fri, May 20, 2011 at 12:46 PM, Louis van Zyl - Business Connexion <[email protected]> wrote:

I have seen exactly the same thing, somehow it doesn't realize the port as open. In another lab I also had to do the same with UDP/500.
My guess is that it must be a bug in the specific IOS version.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
