If you're talking in reference to tcp only I need to say you can't. The first one is for packets inspected by CBAC. The second set is for TCP intercept. Thus you need to understand the differences between CBAC and tcp intercept. The CBAC watches udp (as you said) and thus the max would also watch for udp (one direction) connection and count that towards the max. Thus the difference in the command is the difference in the two DoS prevention methods.
http://www.cisco.com/en/US/partner/docs/ios/security/command/reference/sec_i2.html#wp1049062 Look under the command and usage guide. -B From: [email protected] [mailto:[email protected]] On Behalf Of Kyle Ross Sent: Wednesday, December 22, 2010 1:32 PM To: Kyle Ross; CCIE Security Maillist Subject: Re: [OSL | CCIE_Security] TCP intercept vs CBAC inspect In regards to TCP only. I know inspect does UDP and ICMP as well. Sorry I left that out. ________________________________ From: [email protected] [[email protected]] On Behalf Of Kyle Ross [[email protected]] Sent: Wednesday, December 22, 2010 1:25 PM To: CCIE Security Maillist Subject: [OSL | CCIE_Security] TCP intercept vs CBAC inspect Hello All, I am having difficulty explaining the difference between ip inspect max-incomplete and ip tcp intercept max-incomplete to myself. Could someone please help me out? ip inspect max-incomplete low 400 ip inspect max-incomplete high 800 ! ip tcp intercept max-incomplete low 400 ip tcp intercept max-incomplete high 800 Kyle
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
