Ok, what's the difference to IOS in inspecting TCP-based TACACS if I add it two ways?

First:
  ip port-map tacacs port tcp 49
  ip inspect name CBAC protocol tacacs

Second:
  ip port-map user-tacacs port tcp 49
  ip inspect name CBAC protocol user-tacacs

I thought that apart from verifying allocated port numbers for a particular application, CBAC/ZFW should also track commands sent over this port. I.e. if it is SMTP traffic then IOS should know that it is SMTP and nothing else. Otherwise what's the point of calling it port-application mapping if it watches only layer 4 information?

From: Imre Oszkar [mailto:[email protected]]
Sent: Monday, June 11, 2012 3:29 PM
To: [email protected]
Cc: Eugene Pefti
Subject: Re: CCIE_Security Digest, Vol 72, Issue 43

Check the default port mapping for TACACS on IOS, it will be UDP/49. If you want to inspect TACACS you will need to use the user-based port mapping.

Oszkar

Folks,

Is there any good in defining user-based port mapping? Let's say I want to create a mapping for a non-standard port, for example telnet - 3020. I'd go:

  ip port-map user-telnet-3020 port tcp 3020

In my opinion this would be an empty container for IOS because it wouldn't associate real telnet traffic with it when I want to match this non-standard protocol in CBAC or ZFW. What's the point of having it in the first place? Has anyone used it in any configurations?

Eugene
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
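The two mapping styles discussed above, placed in a complete CBAC and a complete ZFW configuration so the point where the port-map name is consumed is visible. This is an added example, not configuration posted by anyone in the thread; the interface names, zone names, class/policy names and the access list are assumptions, and the `show ip port-map` lines are the check a practitioner would run before and after changing the mapping.

```cisco
! Added example (not from the thread). Interface names, zone names,
! class/policy names and the access list are assumptions.

! 1. Check what IOS maps by default before overriding anything.
!    (Oszkar's point: the system entry for tacacs is UDP/49.)
show ip port-map tacacs

! 2a. Option one: re-point the system application name at TCP/49.
ip port-map tacacs port tcp 49

! 2b. Option two: a user-defined mapping. User-defined names must
!     start with "user-"; that prefix is what makes the entry legal.
ip port-map user-tacacs port tcp 49

! 3. Confirm the effective table now lists TCP/49.
show ip port-map | include 49

! ---- Variant A: CBAC references the mapping by name ----
ip inspect name CBAC user-tacacs
ip inspect name CBAC tcp
!
ip access-list extended OUTSIDE-IN
 deny   ip any any            ! return traffic is opened by inspection
!
interface GigabitEthernet0/0
 description INSIDE
 ip inspect CBAC in
!
interface GigabitEthernet0/1
 description OUTSIDE
 ip access-group OUTSIDE-IN in

! ---- Variant B: ZFW references the same mapping from a class-map ----
! Apply either Variant A or Variant B to a given interface, not both.
class-map type inspect match-any CM-TACACS
 match protocol user-tacacs
!
policy-map type inspect PM-IN-OUT
 class type inspect CM-TACACS
  inspect
 class class-default
  drop
!
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-OUT
!
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security OUTSIDE
```

Whether a user-defined entry gives the firewall anything beyond generic TCP session tracking on that port is exactly the question the thread leaves open; the configuration only shows where the mapping name is consumed, which is the same in both CBAC (`ip inspect name ... user-tacacs`) and ZFW (`match protocol user-tacacs`). Checking `show ip port-map` after the change is the quickest way to see whether the system entry or the user entry is the one in effect for port 49.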
