Thank you so much Ali.

It is very clear now.


Best Regards.
______________________
Adil 

On Feb 12, 2012, at 10:47 AM, HA Ali wrote:

> 
> Notice that when you put this command you get the following output:
> 
>  Session 481756D8 (172.16.46.6:42921)=>(172.16.41.23:8080) http SIS_OPEN 
> 
> Which means that it knows that 8080 is HTTP. Now if you put Layer 7 inspection 
> / policy, the router will also consider port 8080 for it. You can restrict a 
> couple of things based on Layer 7.
> 
> Now when you remove the PAM, you get the following output:
> 
> Session 481756D8 (172.16.46.6:57806)=>(172.16.41.23:8080) tcp SIS_OPEN
> 
> This means that port 8080 is considered as a normal TCP port/connection and 
> if you make a Layer 7 class-map / policy-map for HTTP it won't be applied here.
> 
> 
> HTH
> 
> 
> 
> From: [email protected]
> Date: Sun, 12 Feb 2012 07:18:07 -0500
> To: [email protected]
> Subject: [OSL | CCIE_Security] YB Lab 2 - CBAC.
> 
> In YB Lab 2 if I add "ip port-map http 8080" command it works and if I remove 
> it the connection from R6 to SW3 still works. 
> 
> Could someone please tell me what is the use of ip port-map command with CBAC 
> and why is it working with or without?
> 
> R4y2#sh ip inspect sessions 
> Established Sessions
>  Session 481756D8 (172.16.46.6:42921)=>(172.16.41.23:8080) http SIS_OPEN
> R4y2#sh ip inspect sessions 
> 
> R4y2#conf t
> Enter configuration commands, one per line.  End with CNTL/Z.
> R4y2(config)#no ip port-map http port 8080  
> R4y2(config)#end
> R4y2#
> *Feb 12 12:52:44.248: %SYS-5-CONFIG_I: Configured from console by console
> R4y2#
> R4y2#sh ip inspect sessions 
> Established Sessions
>  Session 481756D8 (172.16.46.6:57806)=>(172.16.41.23:8080) tcp SIS_OPEN
> R4y2#
> 
> 
> Best Regards.
> ______________________
> Adil 
> 
> 
> _______________________________________________ For more information 
> regarding industry leading CCIE Lab training, please visit www.ipexpert.com 
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com
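
Added example (not part of the original thread): a Python check over `show ip inspect sessions` output that flags sessions to a port expected to carry HTTP but tracked by CBAC as plain `tcp`, which is the with/without-PAM difference described in the reply above. The sample outputs are constructed from the lines in the thread; the function names and the expected-port map are assumptions of this example.

```python
import re

# Matches one session line of "show ip inspect sessions", in the form shown in the thread:
#  Session 481756D8 (172.16.46.6:42921)=>(172.16.41.23:8080) http SIS_OPEN
SESSION_RE = re.compile(
    r"Session\s+(?P<id>[0-9A-Fa-f]+)\s+"
    r"\((?P<src>[\d.]+):(?P<sport>\d+)\)=>\((?P<dst>[\d.]+):(?P<dport>\d+)\)\s+"
    r"(?P<proto>\S+)\s+(?P<state>\S+)"
)

def parse_sessions(output):
    """Return one dict per session line; prompts, headers and blanks are skipped."""
    sessions = []
    for line in output.splitlines():
        m = SESSION_RE.search(line)
        if m:
            s = m.groupdict()
            s["sport"], s["dport"] = int(s["sport"]), int(s["dport"])
            sessions.append(s)
    return sessions

def unclassified(sessions, expected):
    """Sessions whose destination port should map to an application protocol
    (expected: {port: protocol}) but which CBAC tracks as something else."""
    return [s for s in sessions
            if s["dport"] in expected and s["proto"] != expected[s["dport"]]]

# Constructed samples: the two outputs from the thread, with and without the PAM entry.
WITH_PAM = """R4y2#sh ip inspect sessions
Established Sessions
 Session 481756D8 (172.16.46.6:42921)=>(172.16.41.23:8080) http SIS_OPEN
"""
WITHOUT_PAM = """R4y2#sh ip inspect sessions
Established Sessions
 Session 481756D8 (172.16.46.6:57806)=>(172.16.41.23:8080) tcp SIS_OPEN
"""
EXPECTED = {8080: "http"}  # assumption: port 8080 carries HTTP in this lab

if __name__ == "__main__":
    for label, out in (("with PAM", WITH_PAM), ("without PAM", WITHOUT_PAM)):
        for s in unclassified(parse_sessions(out), EXPECTED):
            print(f"{label}: {s['dst']}:{s['dport']} tracked as {s['proto']}, "
                  f"HTTP inspection not applied")
```

Only the "without PAM" output produces a finding: the session still passes under generic TCP inspection, but no HTTP-specific policy would see it.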
