Hi Tyson If we configure port map for http with all those dyamic ports that ACS uses, then this should work, right?
With regards Kings On Thu, Feb 4, 2010 at 8:16 PM, Tyson Scott <[email protected]> wrote: > Kingsley, > > > > In the lab the requirement was to only affect the login page because > without it they can't login. > > > > But if you wanted to be able to get to the rest of the pages then yes you > need to include those ports. By default it uses 16000 ports. But you can > restrict this to a group of ports in the Admin page. You would then need to > add these additional ports to the port-map. You need at least 3-5 ports in > the port range. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United > States, Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Kingsley Charles > *Sent:* Thursday, February 04, 2010 9:23 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] Vol 1 - Lab 2 - HTTP L7 inspection > > > > Hi all > > > > To inspect the ACS traffic, we need add a port map for http with port 2002. > > > > With this, if I add L4 inspection and try to inspect the ACS admin page > HTTP traffic, the ACS login page comes successfully. But when I login into > ACS, it fails. > > > > I think, since the ACS use dynamic port numbers, the http fails to inspect > them. > > > > Has anyone tried it? > > > > > > > > > > With regards > > Kings >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
