Thanks, Paul. The PG solution states ip, which gave me an unsure
feeling.
Am 23.08.2009 um 20:03 schrieb Paul Stewart:
You should be able to match on the protocol TCP instead of the
protocol IP. That alone should not modify the behavior, since it is
only applicable to TCP. However, you can define the ACL to also
define a port. That way, you can get more granular and only look at
certain traffic with the intercept process. This can help the
resource utilization on the router.
Message: 5
Date: Sun, 23 Aug 2009 17:01:37 +0200
From: Simon Baumann <[email protected]>
Subject: [OSL | CCIE_Security] TCP Intercept related question.
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Hi,
when I define an access-list for TCP intercept: could I match on the
procotcol tcp instead of ip?
Does it have any influence on this feature?
TIA.
Regards
Simon
End of CCIE_Security Digest, Vol 38, Issue 36
*********************************************
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
