Kingsley,
In the lab the requirement was to only affect the login page, because without it they can't log in. But if you wanted to be able to get to the rest of the pages, then yes, you need to include those ports. By default it uses 16000 ports. But you can restrict this to a group of ports in the Admin page. You would then need to add these additional ports to the port-map. You need at least 3-5 ports in the port range.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Thursday, February 04, 2010 9:23 AM
To: [email protected]
Subject: [OSL | CCIE_Security] Vol 1 - Lab 2 - HTTP L7 inspection

Hi all,

To inspect the ACS traffic, we need to add a port map for http with port 2002. With this, if I add L4 inspection and try to inspect the ACS admin page HTTP traffic, the ACS login page comes successfully. But when I log in to ACS, it fails. I think, since the ACS uses dynamic port numbers, the http fails to inspect them.

Has anyone tried it?

With regards,
Kings
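The port-map change discussed in this thread, shown as an added IOS configuration example that is not part of the original messages. Only port 2002 comes from the thread; the range 2003-2007 is a constructed placeholder for whatever range is configured on the ACS Admin page, and the `from ... to` form of `ip port-map` is assumed to be available on the IOS release in use.

```cisco
! Constructed example. Only 2002 is taken from the thread; 2003-2007 is an
! assumed stand-in for the restricted range set on the ACS Admin page.

! Before: only the ACS login port is mapped to HTTP. The login page is
! inspected, but the session that continues on a dynamic port is not
! recognised as HTTP, so access after login fails.
ip port-map http port tcp 2002

! After: the restricted ACS port range is mapped to HTTP as well, so the
! pages served after login are inspected too.
ip port-map http port tcp 2002
ip port-map http port tcp from 2003 to 2007
```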
