Kings,
Thanks, but I don't understand.
This is the solution given by the WB:
class-map CUSTOM_FTP
 match port tcp eq 21021
policy-map global_policy
 class CUSTOM_FTP
  inspect ftp
The keyword "ftp" tells me port 21 but we are using port 21021 for ftp. The
solution did not "port-map" the custom port to ftp. The only command-set
that is possibly "mapping" the port is:
 class CUSTOM_FTP
  inspect ftp
Is my assumption correct?
Thanks
Johan
From: Kingsley Charles [mailto:[email protected]]
Sent: 27 December 2010 04:08 PM
To: Johan Bornman
Cc: Vybhav Ramachandran; OSL Security
Subject: Re: [OSL | CCIE_Security] Lab 11 Task 1.7
Since you have configured "inspect ftp", the ASA does ftp inspection. If you add
"inspect http", it does http inspection on the ftp traffic, which won't work.
With regards
Kings
On Mon, Dec 27, 2010 at 6:15 PM, Johan Bornman <[email protected]> wrote:
Thanks, Tacack.
How does the ASA know that the custom port is ftp? See my previous e-mail
about the ASA calling on ftp.
From: Vybhav Ramachandran [mailto:[email protected]]
Sent: 27 December 2010 02:41 PM
To: Johan Bornman; OSL Security
Subject: Re: [OSL | CCIE_Security] Lab 11 Task 1.7
Hello Johan,
According to that configuration, I think FTP inspection will only occur on FTP
traffic that's using port 21021. I do not think it will inspect the traffic
that is using the default FTP port.
Cheers,
TacACK
_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com
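Added example, not part of the original thread or the workbook: in the ASA Modular Policy Framework the class-map only selects traffic and the `inspect` action under that class names the engine applied to it, so the pairing is what ties tcp/21021 to FTP inspection. The Python sketch below resolves that pairing from the configuration quoted in the thread; the function names are hypothetical and it only understands `match port <tcp|udp> eq <n>` and `inspect <engine>` lines.

```python
import re

# The configuration quoted in the thread, indented as the ASA displays it.
SAMPLE_CONFIG = """\
class-map CUSTOM_FTP
 match port tcp eq 21021
policy-map global_policy
 class CUSTOM_FTP
  inspect ftp
"""

def parse_mpf(config):
    """Return ({class: [(proto, port)]}, {policy: {class: [engine]}})."""
    class_maps, policy_maps = {}, {}
    cmap = pmap = pclass = None
    for raw in config.splitlines():
        line = raw.strip()
        words = line.split()
        if len(words) < 2:
            continue
        if words[0] == "class-map":
            cmap, pmap, pclass = words[-1], None, None
            class_maps[cmap] = []
        elif words[0] == "policy-map":
            pmap, cmap, pclass = words[-1], None, None
            policy_maps[pmap] = {}
        elif words[0] == "match" and cmap:
            m = re.fullmatch(r"match port (tcp|udp) eq (\d+)", line)
            if m:
                class_maps[cmap].append((m.group(1), int(m.group(2))))
        elif words[0] == "class" and pmap:
            pclass = words[1]
            policy_maps[pmap][pclass] = []
        elif words[0] == "inspect" and pclass:
            policy_maps[pmap][pclass].append(words[1])
    return class_maps, policy_maps

def inspected_ports(config):
    """List (policy, class, proto, port, engine) for every port-matched class."""
    class_maps, policy_maps = parse_mpf(config)
    return [(pname, cname, proto, port, engine)
            for pname, classes in policy_maps.items()
            for cname, engines in classes.items()
            for proto, port in class_maps.get(cname, [])
            for engine in engines]

if __name__ == "__main__":
    for row in inspected_ports(SAMPLE_CONFIG):
        print("policy %s class %s: %s/%d -> inspect %s" % row)
```

Classes that match on something other than a single port (an access list, for instance) produce no rows here and need to be reviewed by hand.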