Thanks, Paul. The PG solution states ip, which gave me an unsure feeling.

Am 23.08.2009 um 20:03 schrieb Paul Stewart:

You should be able to match on the protocol TCP instead of the protocol IP. That alone should not modify the behavior, since it is only applicable to TCP. However, you can define the ACL to also define a port. That way, you can get more granular and only look at certain traffic with the intercept process. This can help the resource utilization on the router.

Message: 5
Date: Sun, 23 Aug 2009 17:01:37 +0200
From: Simon Baumann <[email protected]>
Subject: [OSL | CCIE_Security] TCP Intercept related question.
To: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

Hi,
when I define an access-list for TCP intercept: could I match on the
procotcol tcp instead of ip?
Does it have any influence on this feature?
TIA.

Regards
Simon


End of CCIE_Security Digest, Vol 38, Issue 36
*********************************************


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to