Yes but if you want to do both of them with one sig then I think using aic http sig should be the answer.
With regards
Kings

On Wed, Mar 2, 2011 at 11:38 PM, Pemasiri Devanarayana <[email protected]> wrote:

> Hi Kings,
>
> Appreciate your response on this.
>
> Service HTTP engine for match pattern on url
> AIC HTTP is for tunneling http.
>
> thanks
>
> On Wed, Mar 2, 2011 at 5:11 PM, Kingsley Charles <[email protected]> wrote:
>
>> I think, creating sub sigs - one of http tunneling and other for regex is the only way. May be others can suggest, if there is any other way. I raised the same question in this forum earlier and it seems, it is the only way.
>>
>> Why are you referring to service http engine. I don't think we can use it here because detecting http tunneling is also required.
>>
>> With regards
>> Kings
>>
>> On Wed, Mar 2, 2011 at 7:21 PM, Pemasiri Devanarayana <[email protected]> wrote:
>>
>>> Hi Kings,
>>>
>>> I tried configuring it, since we can't have Msg Body Pattern and Define Web Traffic Policy in the same sign under sig engine, I have created sub-signature with service http and add the pattern under regex..
>>>
>>> Question..
>>> - is that fulfill my requirement and is there any other solution.
>>> - during the exam can we create signature with sub-sig such situation..?
>>>
>>> Here is my requirement again...
>>> when configuring custom signature...and asked that signature should protect tunneling over http (such as P2P or instant messaging), do we need to configure any additional configuration apart from configuring service http type engine matching any pattern (using regex) and service-port 80.. because still I'm confused how does protect tunneling over http for P2P/instant messaging etc. and also I want to match any pattern (ie..bomb..) in the url..
>>>
>>> thanks
>>>
>>> On Mon, Feb 28, 2011 at 9:56 AM, Kingsley Charles <[email protected]> wrote:
>>>
>>>> Never tried but I guess Msg Body Pattern should do it. Please lab it out.
>>>>
>>>> With regards
>>>> Kings
>>>>
>>>> On Sun, Feb 27, 2011 at 10:04 PM, Pemasiri Devanarayana <[email protected]> wrote:
>>>>
>>>>> Hi Kings,
>>>>>
>>>>> I just need add something more on this question.. if the same signature want to match any pattern in the url (ie.Bomb) where are we write the pattern...?
>>>>>
>>>>> thanks.
>>>>>
>>>>>> 3) when configuring custom signature...and asked that signature should protect tunneling over http (such as P2P or instant messaging), do we need to configure any additional configuration apart from configuring service http type engine matching any pattern (using regex) and service-port 80.. because still I'm confused how does protect tunneling over http for P2P/instant messaging etc.
>>>>>
>>>>> You should use HTTP AIC engine for this. Create AIC HTTP sig and select sig type "Define Web Traffic Policy". Then enable "Alarm in non-HTTP Traffic"
>>>>>
>>>>> On Thu, Feb 24, 2011 at 7:49 PM, Pemasiri Devanarayana <[email protected]> wrote:
>>>>>
>>>>>> Thanks a lot King for your time on responding this and clarifying them... I will check them and get back to you if any further doubts.. :)
>>>>>>
>>>>>> On Thu, Feb 24, 2011 at 4:53 AM, Kingsley Charles <[email protected]> wrote:
>>>>>>
>>>>>>> Comments inline......
>>>>>>>
>>>>>>> With regards
>>>>>>> Kings
>>>>>>>
>>>>>>> On Thu, Feb 24, 2011 at 12:09 AM, Pemasiri Devanarayana <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I would appreciate the correct solutions (as expected in the lab grading) for below points on various sections of the labs.
>>>>>>>>
>>>>>>>> 1) if a question asked to authenticate and authorized on particular telnet connection ie line 1 & 3 and not to authenticate on line say 5, will the following solution is correct (assumed we have already configured aaa)
>>>>>>>
>>>>>>> I guess configuring "transport input telnet" would be required for line 1 and 3. But line 1 is aux 0 actually.
>>>>>>>
>>>>>>>> line vty 1 (or 3)
>>>>>>>>  login authentication xxxx (aaa method)
>>>>>>>>  authorization exec xxxx
>>>>>>>>  authorization commands xx xxxx
>>>>>>>> !
>>>>>>>> line vty 5
>>>>>>>>  login authentication yyyy (aaa method, none)
>>>>>>>>
>>>>>>>> 2) when configuring IP NBAR do we need to add the following command in addition service-policy under the interface.
>>>>>>>> interface x/x
>>>>>>>>  ip nbar protocol-discovery
>>>>>>>>  service-policy input <pm-name>
>>>>>>>>
>>>>>>>> ip nbar protocol-discovery is not required
>>>>>>>
>>>>>>>> 3) when configuring custom signature...and asked that signature should protect tunneling over http (such as P2P or instant messaging), do we need to configure any additional configuration apart from configuring service http type engine matching any pattern (using regex) and service-port 80.. because still I'm confused how does protect tunneling over http for P2P/instant messaging etc.
>>>>>>>
>>>>>>> You should use HTTP AIC engine for this. Create AIC HTTP sig and select sig type "Define Web Traffic Policy". Then enable "Alarm in non-HTTP Traffic".
>>>>>>>
>>>>>>>> Thanks in advance...
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
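
As an added illustration that is not part of the original thread and is not Cisco's implementation: a small Python model of the two checks discussed above, one flagging port-80 flows that do not begin with a well-formed HTTP request line and one matching a pattern in the URL. The function name, alert labels and sample payloads are constructed for this example.

```python
import re

# HTTP/1.x request line: method SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/\d\.\d$")
# URL pattern taken from the thread ("bomb"), matched case-insensitively
URL_PATTERN = re.compile(rb"bomb", re.IGNORECASE)


def inspect_port80_payload(payload: bytes) -> list:
    """Return alert labels (hypothetical names) for the first client
    payload of a flow seen on TCP port 80."""
    first_line = payload.split(b"\r\n", 1)[0]
    match = REQUEST_LINE.match(first_line)
    if match is None:
        # Check 1: traffic on the web port that is not HTTP at all,
        # the case the "non-HTTP traffic" alarm is meant to catch.
        return ["non-http-traffic"]
    alerts = []
    # Check 2: only meaningful once the flow has parsed as HTTP;
    # the regex is applied to the request-target (the URL).
    if URL_PATTERN.search(match.group(2)):
        alerts.append("url-pattern")
    return alerts


# Constructed sample payloads (not captured traffic)
SAMPLES = {
    "plain request": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "url with pattern": b"GET /forum/BoMb-page HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "binary protocol on 80": b"\x13ExampleP2P handshake\x00\x00\x01",
    "chat protocol on 80": b"LOGIN user1 token\r\n",
}


def run_samples() -> dict:
    """Run every constructed sample through the inspector."""
    return {name: inspect_port80_payload(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, alerts in run_samples().items():
        print(f"{name}: {alerts or 'no alert'}")
```

The URL check runs only on flows that parsed as HTTP, so the two alerts come from different inspection stages, which mirrors the thread's split into two sub-signatures.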
