This is for more general topics about networking and vendors.
Yes mark i can see the ports 1604 and 1494 when i did a show ip nbar port-map.sh ip nbar port-map port-map bgp udp 179 port-map bgp tcp 179 port-map citrix udp 1604 port-map citrix tcp 1494 port-map cuseeme udp 7648 7649 24032 port-map cuseeme tcp 7648 7649 port-map dhcp udp 67 68 port-map dns udp 53 port-map dns tcp 53sh access-lists Extended IP access list 103 10 permit tcp any any eq 3389 20 permit tcp any eq 3389 anyExtended IP access list 110 10 permit tcp any eq 2598 any 20 permit tcp any any eq 2598 30 permit tcp any eq 1494 any 40 permit tcp any any eq 1494 (3 matches) 50 permit tcp any eq 1604 any 60 permit tcp any any eq 1604Only three packets are matched with port 1494. When i did a "bebug ip packet 110 detail" i couldn't see any packets matching ACL 110.Is there any other commands or debug comands to check the ports for the existing traffic.ThanksRajesh
Hi,it looks to me as if your CITRIX implementation does not use the ports NBAR is looking for. Can you check the ports CITRIX is using, or whether there is any tunneling/encryption applied to CITRIX traffic. The last thing that could happen: are you sure about CITRIX or could it be MS remote desktop or other stuff?Just for testing I would specify the CITRIX server IP and not be port specific in the ACL.Regards, Martin
Thanks for your help guys..Today morning i noticed that the packets are being captured and working fine. As Martin said, thinking of discussing with the Citrix administrator to know the exact ports and to apply ACL's for better performance.Once again thanks for all your help and support.