Hi Kings,
Appreciate your response on this. Service Http engine for match pattern on url AIC Htttp is for tunneling http. thanks On Wed, Mar 2, 2011 at 5:11 PM, Kingsley Charles <[email protected] > wrote: > I think, creating sub sigs - one of http tunneling and other for regex is > the only way. May be others can suggest, if there is any other way. > I raised the same question in this forum earlier and it seems, it is the > only way. > > Why are you referring to service http engine. I don't think we can use it > here because detecting http tunneling is also required. > > > With regards > Kings > > > On Wed, Mar 2, 2011 at 7:21 PM, Pemasiri Devanarayana > <[email protected]>wrote: > >> Hi Kings, >> >> I tried configuring it, since we cant have Msg Body Pattern and Define Web >> Traffic Policy in the same sign under sig engine, I have created >> sub-signature with service http and add the patter under regex.. >> >> Question.. >> - is that fulfill my requirement and is there any other solution. >> -during the exam can we create signature with sub-sig such situation..? >> >> Here is my requirement again... >> when configuring customs signature...and asked that signature should >> protect tunneling over http (such as P2P or instant messaging), do we need >> to configure any additional configuration apart from configuring service >> http type engine matching any patern (using regex) and service-port 80.. >> because still I'm confused how does protect tunneling over http for >> P2P/instant messaging etc. and also I want to match any pattern (ie..bomb..) >> in the url.. >> >> thanks >> >> >> >> On Mon, Feb 28, 2011 at 9:56 AM, Kingsley Charles < >> [email protected]> wrote: >> >>> Never tried but I guess Msg Body Pattern should do it. Please lab it out. >>> >>> With regards >>> Kings >>> >>> >>> On Sun, Feb 27, 2011 at 10:04 PM, Pemasiri Devanarayana < >>> [email protected]> wrote: >>> >>>> Hi Kings, >>>> >>>> I just need add something more on this question.. if the same signature >>>> want to match any pattern in the url (ie.Bomb) where are we write the >>>> pattern...? >>>> >>>> thanks. >>>> >>>> >>>> 3) when configuring customs signature...and asked that signature should >>>>> protect tunneling over http (such as P2P or instant messaging), do we need >>>>> to configure any additional configuration apart from configuring service >>>>> http type engine matching any patern (using regex) and service-port 80.. >>>>> because still I'm confused how does protect tunneling over http for >>>>> P2P/instant messaging etc. >>>>> >>>> >>>> You should use HTTP AIC engine for this. Create AIC HTTP sig and select >>>> sig type "Define Web Traffic Policy. Then enable "Alarm in non=HTTP >>>> Traffic" >>>> >>>> >>>> On Thu, Feb 24, 2011 at 7:49 PM, Pemasiri Devanarayana < >>>> [email protected]> wrote: >>>> >>>>> Thanks a lot King for you time on responding this and clarifying >>>>> them... I will check them and get back to you if any further doubts.. :) >>>>> >>>>> >>>>> On Thu, Feb 24, 2011 at 4:53 AM, Kingsley Charles < >>>>> [email protected]> wrote: >>>>> >>>>>> Comments inline...... >>>>>> >>>>>> With regards >>>>>> Kings >>>>>> >>>>>> On Thu, Feb 24, 2011 at 12:09 AM, Pemasiri Devanarayana < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi All, >>>>>>> >>>>>>> I would appreciate the correct solutions (as expected in the lab >>>>>>> grading) for below points on various sections of the labs. >>>>>>> >>>>>>> 1) if a question asked to authenticate and authorized on particular >>>>>>> telnet connection ie line 1 & 3 and not to authtenticate on line say 5, >>>>>>> will >>>>>>> the following solution is correct (assumed we have already configured >>>>>>> aaa) >>>>>>> >>>>>> >>>>>> I guess configuring "transport input telnet" would be required >>>>>> for line 1 and 3. But lIne 1 is aux 0.actually. >>>>>> >>>>>>> >>>>>>> line vty 1 (or 3) >>>>>>> login authentication xxxx (aaa method) >>>>>>> authorization exec xxxx >>>>>>> authorization command xx xxxx >>>>>>> ! >>>>>>> line vty 5 >>>>>>> login authentication yyyy (aaa method, none) >>>>>>> >>>>>>> 2) when configuring IP NBAR do we need to add the following command >>>>>>> in addition service-police under the interface. >>>>>>> interface x/x >>>>>>> ip nbar protocol-discovery >>>>>>> service-policy input <pm-name> >>>>>>> >>>>>>> ip nbar protocol-discovery is not required >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> 3) when configuring customs signature...and asked that signature >>>>>>> should protect tunneling over http (such as P2P or instant messaging), >>>>>>> do we >>>>>>> need to configure any additional configuration apart from configuring >>>>>>> service http type engine matching any patern (using regex) and >>>>>>> service-port >>>>>>> 80.. because still I'm confused how does protect tunneling over http for >>>>>>> P2P/instant messaging etc. >>>>>>> >>>>>> >>>>>> You should use HTTP AIC engine for this. Create AIC HTTP sig and >>>>>> select sig type "Define Web Traffic Policy. Then enable "Alarm in >>>>>> non=HTTP >>>>>> Traffic". >>>>>> >>>>>> >>>>>>> >>>>>>> Thanks in advance... >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
