Hi Kings, I tried configuring it, since we cant have Msg Body Pattern and Define Web Traffic Policy in the same sign under sig engine, I have created sub-signature with service http and add the patter under regex..
Question.. - is that fulfill my requirement and is there any other solution. -during the exam can we create signature with sub-sig such situation..? Here is my requirement again... when configuring customs signature...and asked that signature should protect tunneling over http (such as P2P or instant messaging), do we need to configure any additional configuration apart from configuring service http type engine matching any patern (using regex) and service-port 80.. because still I'm confused how does protect tunneling over http for P2P/instant messaging etc. and also I want to match any pattern (ie..bomb..) in the url.. thanks On Mon, Feb 28, 2011 at 9:56 AM, Kingsley Charles < [email protected]> wrote: > Never tried but I guess Msg Body Pattern should do it. Please lab it out. > > With regards > Kings > > > On Sun, Feb 27, 2011 at 10:04 PM, Pemasiri Devanarayana < > [email protected]> wrote: > >> Hi Kings, >> >> I just need add something more on this question.. if the same signature >> want to match any pattern in the url (ie.Bomb) where are we write the >> pattern...? >> >> thanks. >> >> >> 3) when configuring customs signature...and asked that signature should >>> protect tunneling over http (such as P2P or instant messaging), do we need >>> to configure any additional configuration apart from configuring service >>> http type engine matching any patern (using regex) and service-port 80.. >>> because still I'm confused how does protect tunneling over http for >>> P2P/instant messaging etc. >>> >> >> You should use HTTP AIC engine for this. Create AIC HTTP sig and select >> sig type "Define Web Traffic Policy. Then enable "Alarm in non=HTTP Traffic" >> >> >> On Thu, Feb 24, 2011 at 7:49 PM, Pemasiri Devanarayana < >> [email protected]> wrote: >> >>> Thanks a lot King for you time on responding this and clarifying them... >>> I will check them and get back to you if any further doubts.. :) >>> >>> >>> On Thu, Feb 24, 2011 at 4:53 AM, Kingsley Charles < >>> [email protected]> wrote: >>> >>>> Comments inline...... >>>> >>>> With regards >>>> Kings >>>> >>>> On Thu, Feb 24, 2011 at 12:09 AM, Pemasiri Devanarayana < >>>> [email protected]> wrote: >>>> >>>>> Hi All, >>>>> >>>>> I would appreciate the correct solutions (as expected in the lab >>>>> grading) for below points on various sections of the labs. >>>>> >>>>> 1) if a question asked to authenticate and authorized on particular >>>>> telnet connection ie line 1 & 3 and not to authtenticate on line say 5, >>>>> will >>>>> the following solution is correct (assumed we have already configured aaa) >>>>> >>>> >>>> I guess configuring "transport input telnet" would be required for >>>> line 1 and 3. But lIne 1 is aux 0.actually. >>>> >>>>> >>>>> line vty 1 (or 3) >>>>> login authentication xxxx (aaa method) >>>>> authorization exec xxxx >>>>> authorization command xx xxxx >>>>> ! >>>>> line vty 5 >>>>> login authentication yyyy (aaa method, none) >>>>> >>>>> 2) when configuring IP NBAR do we need to add the following command in >>>>> addition service-police under the interface. >>>>> interface x/x >>>>> ip nbar protocol-discovery >>>>> service-policy input <pm-name> >>>>> >>>>> ip nbar protocol-discovery is not required >>>> >>>> >>>> >>>> >>>>> 3) when configuring customs signature...and asked that signature >>>>> should protect tunneling over http (such as P2P or instant messaging), do >>>>> we >>>>> need to configure any additional configuration apart from configuring >>>>> service http type engine matching any patern (using regex) and >>>>> service-port >>>>> 80.. because still I'm confused how does protect tunneling over http for >>>>> P2P/instant messaging etc. >>>>> >>>> >>>> You should use HTTP AIC engine for this. Create AIC HTTP sig and select >>>> sig type "Define Web Traffic Policy. Then enable "Alarm in non=HTTP >>>> Traffic". >>>> >>>> >>>>> >>>>> Thanks in advance... >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
