ACL using tcp port 0?
mikearama
I kid you not... got this request yesterday, to open a firewall port for an application that internally uses tcp 0. Haven't seen that in my 12 years in networks.
Now access to the application is being requested for a partner, so access through some ASAs is required. I would add this kinda ACL:
access-list acl_BNS ext per tcp 10.9.37.0 255.255.255.128 host 10.60.25.149 eq 0
I would expect this ACL to error out. Before I try it... anyone else ever had such a request? Will it work?
Thanks,
Mike
Comments
shodown
this may help
https://supportforums.cisco.com/thread/244752
mikearama
Good find, sho.
I had read similar... and that typical TCP stacks will reject anything arriving for tcp/0. And yet, we have it in use in our corporate LAN.
Still, I think the ASAs, like the MAR's appliance in your link, will see tcp/0 as problematic. I'm kinda looking forward to trying it out tonight, just to see what happens.