Hi,

Can parameter type regex apply to more than one pattern with logical OR?

And is this right: if I need to block xxx.exe, the pattern will be

pattern xxx\.exe   ?

The idea is to match the IP address with different pattern possibilities,
so if any of the patterns matches AND the IP address matches, the policy will drop.

So, let's say the IP is 1.1.1.1 and the URL patterns are "xxx.exe", "yyy.cmd"
and "www.exe".

The complete config is below:

parameter-map type regex attack
 pattern eee\.exe
 pattern yyy\.cmd
 pattern www\.exe

access-list 114 permit ip any host 1.1.1.1

class-map match-all http
 match access-group 114
 match protocol http url "attack"

Policy-map http
 class http
  drop

Is this correct?

Regards,

MKD

On Fri, Oct 7, 2011 at 6:00 PM,
<[email protected]> wrote:
> Today's Topics:
>
>   1. DMVPN hub behind NAT (Kingsley Charles)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 7 Oct 2011 20:28:05 +0530
> From: Kingsley Charles <[email protected]>
> To: [email protected]
> Subject: [OSL | CCIE_Security] DMVPN hub behind NAT
> Message-ID:
>        <cahs0b05n2nkgyx7g3aep9whhie6o_db2crzfqmpomer7_vz...@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi all
>
> When we have DMVPN hub behind a NAT device, the tunnel shouldn't come up
> because the proxy identities will not match in IPSec Phase 2 check.
>
> Hub -------------- NAT router --------------- Spoke
>
> It works if I have the transform set in transport mode. IOS does something,
> but I am not able to get a doc explaining the process.
>
> The following link explains spoke behind a NAT device. I am aware that NHRP
> is NAT aware. Is that the answer?
>
> http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/dmvpn_dt_spokes_b_nat.html
>
>
> With regards
> KIngs
>
> End of CCIE_Security Digest, Vol 64, Issue 14
> *********************************************
>
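
The matching logic asked about at the top of this message (any one URL pattern, AND the destination host), modelled as an added example that is not part of the original post and is not IOS configuration. It assumes Python's `re` syntax as a stand-in for the router's regex engine and uses constructed sample requests; the names `should_drop`, `url_matches` and `evaluate` are hypothetical.

```python
import ipaddress
import re

# Constructed model of the intent described in the post; this is not IOS code,
# and Python's re syntax stands in for the router's regex engine (assumption).
PATTERNS = [r"xxx\.exe", r"yyy\.cmd", r"www\.exe"]  # file names from the post's prose
PROTECTED_HOST = ipaddress.ip_address("1.1.1.1")    # host named in access-list 114

# Joining the patterns with "|" gives the OR: any single pattern is enough.
URL_FILTER = re.compile("|".join(f"(?:{p})" for p in PATTERNS))

# The same first pattern without the backslash, to show why the escape matters.
UNESCAPED = re.compile(r"xxx.exe")


def url_matches(url: str) -> bool:
    """True when at least one pattern occurs anywhere in the URL."""
    return URL_FILTER.search(url) is not None


def should_drop(dst_ip: str, url: str) -> bool:
    """match-all intent: the destination AND a URL pattern must both match."""
    return ipaddress.ip_address(dst_ip) == PROTECTED_HOST and url_matches(url)


# Constructed sample requests: (destination IP, requested URL).
SAMPLES = [
    ("1.1.1.1", "/files/xxx.exe"),
    ("1.1.1.1", "/scripts/yyy.cmd?v=1"),
    ("1.1.1.1", "/index.html"),
    ("2.2.2.2", "/files/xxx.exe"),
    ("1.1.1.1", "/xxx-exe/readme.txt"),
]


def evaluate(samples=SAMPLES):
    """Return 'drop' or 'pass' for each sample, in order."""
    return ["drop" if should_drop(ip, url) else "pass" for ip, url in samples]


if __name__ == "__main__":
    for (ip, url), verdict in zip(SAMPLES, evaluate()):
        print(f"{ip:8} {url:28} {verdict}")
    # An unescaped dot matches any character, so this unrelated URL is caught.
    print(bool(UNESCAPED.search("/xxx-exe/readme.txt")))
```

The last sample passes the escaped patterns but would be caught by `xxx.exe` written without the backslash, which is why the dot is escaped in each pattern.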