Please see the ASA's regex O/P. "*" will not match anything in the case of regex.
asa1# test regex kinglsey .ing INFO: Regular expression match succeeded. asa1# test regex kinglsey *ing INFO: Regular expression match failed. asa1# test regex kinglsey .n INFO: Regular expression match succeeded. asa1# test regex kinglsey .*n INFO: Regular expression match succeeded. With regards Kings On Tue, Apr 6, 2010 at 4:45 AM, Willians Barboza <[email protected] > wrote: > the "*" in the begging will match anything before your regex... > > The key point here is to know to use the "test regex" command > > Use and abuse of this command as it is a life saver!!! > > -- > Willians Barboza > CCIE Security # 25629 > > > ---------- Forwarded message ---------- > From: Brandon Carroll <[email protected]> > Date: 2010/4/5 > Subject: Re: [OSL | CCIE_Security] Code red worm with NBAR > To: Kingsley Charles <[email protected]> > Cc: [email protected] > > > You're right. If you use the ? and it refers to a regular expression > then thats the way to go. If it wants a string, like this feature > does, then I would use a * as a wildcard like they have done in the > link you provided. I think you'll find most features are going to use > regular expressions. I don't have a list of which use which but it > sounds like it would make for a good blog post in the near future. :) > > Regards, > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > IPexpert is a premier provider of Self-Study Workbooks, Video on > Demand, Audio Tools, Online Hardware Rental and Classroom Training for > the Cisco CCIE (R&S, Voice, Security & Service Provider) > certification(s) with training locations throughout the United States, > Europe, South Asia and Australia. Be sure to visit our online > communities at www.ipexpert.com/communities and our public website at > www.ipexpert.com > > > On Apr 5, 2010, at 10:30 AM, Kingsley Charles wrote: > > This is where I always get confused. > > Can you please let me know the CCIE security features in which we will > use ".*" and "*" as wild card mask. > > As far I know, features like IOS FW L7, ASA L7 inspection, ".*" will > be used a wild card mask with regex. > > > > > > With regards > Kings > > On Mon, Apr 5, 2010 at 10:55 PM, Brandon Carroll <[email protected]> > wrote: > > > > Its a wildcard to match any other string characters in a URL. > > http://192.168.1.1/mydirectory/default.ida > > > > > > /mydirectory/ would be matched by the *. > > > > Regards, > > Brandon Carroll - CCIE #23837 > > Senior Technical Instructor - IPexpert > > Mailto: [email protected] > > Telephone: +1.810.326.1444 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > > > On Apr 5, 2010, at 10:23 AM, Kingsley Charles wrote: > > > > I get your point Brandon. But I am not understanding the purpose of "*" > in this configuration. > > > > > > With regards > > Kings > > > > On Mon, Apr 5, 2010 at 10:49 PM, Brandon Carroll <[email protected]> > wrote: > >> > >> I don't think this is a string that matches the same as standard regular > expressions that you would see in IPS or L7 class-maps on an ASA. Notice > the phrasing: > >> R6(config-cmap)#match protocol http url ? > >> WORD Enter a string as the sub-protocol parameter > >> R6(config-cmap)#match protocol http url > >> Of course I've never actually used a full-on regular expression here but > my understanding is that you are only matching a string in a url which is > why you do three lines like this: > >> > >> Router(config-cmap)#match protocol http url "*default.ida*" > >> Router(config-cmap)#match protocol http url "*cmd.exe*" > >> Router(config-cmap)#match protocol http url "*root.exe*" > >> > >> rather than one like this: > >> > >> Router(config-cmap)#match protocol http url > "*default.ida*|*cmd.exe*|*root.exe*" > >> > >> Regards, > >> Brandon Carroll - CCIE #23837 > >> Senior Technical Instructor - IPexpert > >> Mailto: [email protected] > >> Telephone: +1.810.326.1444 > >> Live Assistance, Please visit: www.ipexpert.com/chat > >> eFax: +1.810.454.0130 > >> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > >> > >> > >> On Apr 5, 2010, at 10:11 AM, Kingsley Charles wrote: > >> > >> Hi Brandon > >> > >> a*b will match aaaab, b, aab, ab. > >> > >> *b is invalid as there is no character before "*" to repeat > >> > >> > >> Can you please explain what will [match protocol http url "*cmd.exe*] > match? > >> > >> With regards > >> Kings > >> > >> On Mon, Apr 5, 2010 at 10:34 PM, Brandon Carroll <[email protected]> > wrote: > >>> > >>> Kings, > >>> I dont think you need the "." before or after. The "*" should account > for that. > >>> Regards, > >>> Brandon Carroll - CCIE #23837 > >>> Senior Technical Instructor - IPexpert > >>> Mailto: [email protected] > >>> Telephone: +1.810.326.1444 > >>> Live Assistance, Please visit: www.ipexpert.com/chat > >>> eFax: +1.810.454.0130 > >>> IPexpert is a premier provider of Self-Study Workbooks, Video on > Demand, Audio Tools, Online Hardware Rental and Classroom Training for the > Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > >>> > >>> > >>> On Apr 5, 2010, at 9:43 AM, Kingsley Charles wrote: > >>> > >>> * > >> > >> > > > > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
