It worked for me, just verified :-) Thx
On Thu, Feb 4, 2010 at 8:54 PM, Kingsley Charles <[email protected] > wrote: > Hi Tyson > > If we configure port map for http with all those dyamic ports that ACS > uses, then this should work, right? > > > > With regards > Kings > > On Thu, Feb 4, 2010 at 8:16 PM, Tyson Scott <[email protected]> wrote: > >> Kingsley, >> >> >> >> In the lab the requirement was to only affect the login page because >> without it they can't login. >> >> >> >> But if you wanted to be able to get to the rest of the pages then yes you >> need to include those ports. By default it uses 16000 ports. But you can >> restrict this to a group of ports in the Admin page. You would then need to >> add these additional ports to the port-map. You need at least 3-5 ports in >> the port range. >> >> >> >> Regards, >> >> >> >> Tyson Scott - CCIE #13513 R&S, Security, and SP >> >> Technical Instructor - IPexpert, Inc. >> >> Mailto: [email protected] >> >> Telephone: +1.810.326.1444, ext. 208 >> >> Live Assistance, Please visit: www.ipexpert.com/chat >> >> eFax: +1.810.454.0130 >> >> >> >> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA >> (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & >> Service Provider) Certification Training with locations throughout the >> United States, Europe and Australia. Be sure to check out our online >> communities at www.ipexpert.com/communities and our public website at >> www.ipexpert.com >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Kingsley >> Charles >> *Sent:* Thursday, February 04, 2010 9:23 AM >> *To:* [email protected] >> *Subject:* [OSL | CCIE_Security] Vol 1 - Lab 2 - HTTP L7 inspection >> >> >> >> Hi all >> >> >> >> To inspect the ACS traffic, we need add a port map for http with port >> 2002. >> >> >> >> With this, if I add L4 inspection and try to inspect the ACS admin page >> HTTP traffic, the ACS login page comes successfully. But when I login into >> ACS, it fails. >> >> >> >> I think, since the ACS use dynamic port numbers, the http fails to inspect >> them. >> >> >> >> Has anyone tried it? >> >> >> >> >> >> >> >> >> >> With regards >> >> Kings >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
