Thanks, Bruno.

My misunderstanding stems from the confusing usage of “application” in the PAM. The perception was that matching the port number with the name of the application is not enough and IOS would need to know that this is exactly a certain application when it inspects traffic over, let’s say, ports 80 or 22 or any other user defined ports. But as it turns out, it is pure L4 protocol inspection and not L7 application inspection. Almost exactly like NBAR functions where you can define your own custom application by assigning a port number to it and then add some parameters to the NBAR engine that will be parsed in the packet header.
Eugene

From: [email protected] [mailto:[email protected]] On Behalf Of Bruno Silva
Sent: Sunday, June 17, 2012 11:59 PM
To: CCIE Security
Subject: Re: [OSL | CCIE_Security] User defined port mapping, is there any use of it ?

Hi Eugene,

As far as I understand your question, you are probably misunderstanding the use of port mapping for non-standard ports. Look, for mapping standard applications to non-standard ports you can use ip-port map [application] port [non-standard port]. What u cannot do for this case is for example use a port that is used by another protocol, for example map ftp to the telnet port because it's already being used by other standard app. The user defined port-map is used usually when u have a non-standard application.

Br,
Bruno Silva

Sent via iPhone

On 10/06/2012, at 18:29, Eugene Pefti <[email protected]> wrote:

Folks,

Is there any good of defining user based port mapping? Let’s say I want to create a mapping for a non-standard port, for example telnet – 3020. I’d go:

“ip port-map user-telnet-3020 port tcp 3020”

In my opinion this would be an empty container for an IOS because it wouldn’t associate a real telnet traffic with it when I want to match for this non-standard protocol in CBAC or ZFW. What’s the point of having it in the first place? Has anyone used it in any configurations?

Eugene

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
