ACL using tcp port 0?

mikearama Posts: 749 Member
I kid you not... got this request yesterday, to open a firewall port for an application that internally uses tcp 0. Haven't seen that in my 12 years in networks.

Now access to the application is being requested for a partner, so access through some ASAs is required. I would add this kinda ACL:

access-list acl_BNS ext per tcp 10.9.37.0 255.255.255.128 host 10.60.25.149 eq 0

I would expect this ACL to error out. Before I try it... anyone else ever had such a request? Will it work?

Thanks,
Mike
There are only 10 kinds of people... those who understand binary, and those that don't.

CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110

Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
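
An added example, not part of the original thread and not Cisco tooling: a small Python audit that scans ASA-style `access-list` lines for tcp/udp port matches that include port 0, such as the `eq 0` entry proposed above. It handles only a subset of the syntax (numeric `eq`/`neq`/`lt`/`gt`/`range` operators, abbreviated keywords such as `per`), and every sample line other than the first is constructed.

```python
# Constructed sample config: line 1 is the ACL quoted in the post, the rest are made up.
SAMPLE = """\
access-list acl_BNS ext per tcp 10.9.37.0 255.255.255.128 host 10.60.25.149 eq 0
access-list acl_BNS extended permit tcp any host 10.60.25.150 eq 443
access-list acl_BNS extended permit udp host 10.9.37.5 range 0 1024 any
access-list acl_BNS extended deny tcp any any lt 1024
access-list acl_BNS extended permit tcp any any eq www
"""

OPS = {"eq", "neq", "lt", "gt", "range"}

def covers_zero(op, args):
    """True when a numeric port operator matches port 0."""
    try:
        nums = [int(a) for a in args]
    except ValueError:
        return False  # named port such as 'www', never port 0
    if op == "eq":
        return nums[0] == 0
    if op == "neq":
        return nums[0] != 0
    if op == "lt":
        return nums[0] > 0
    if op == "range":
        return min(nums) == 0
    return False  # 'gt N' never includes 0

def port_zero_rules(config):
    """Return (line_no, action, clause) for tcp/udp entries whose port match includes 0."""
    hits = []
    for no, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        proto = next((i for i, t in enumerate(tok) if t in ("tcp", "udp")), None)
        if proto is None:
            continue
        # The CLI accepts unique prefixes, so 'per' is treated as 'permit'.
        action = "permit" if "permit".startswith(tok[proto - 1]) else "deny"
        for i in range(proto + 1, len(tok)):
            if tok[i] in OPS:
                args = tok[i + 1:i + (3 if tok[i] == "range" else 2)]
                if args and covers_zero(tok[i], args):
                    hits.append((no, action, " ".join([tok[i]] + args)))
    return hits

if __name__ == "__main__":
    for hit in port_zero_rules(SAMPLE):
        print(hit)
```

Entries with no port operator at all also match every port, including 0; this sketch does not report those.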

Comments

  • shodown Posts: 2,271 Member
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
  • mikearama Posts: 749 Member
    Good find, sho.

    I had read similar... and that typical tcp stacks will reject anything arriving for tcp/0. And yet, we have it in use in our corporate LAN.

    Still, I think the ASAs, like the MARS appliance in your link, will see tcp/0 as problematic. I'm kinda looking forward to trying it out tonight, just to see what happens.