Use the IP address when they have mentioned the IP address. For example, if you want to inspect ftp on port 2121, it's better to use ACE.

Remove the default inspection, put this custom class matching port 2121 with ACL and then below that put default class map. Now both normal ftp traffic and traffic on port 2121 are inspected. Ports can be used but they are open to any address.

With regards
Kings

On Tue, Jul 10, 2012 at 6:57 AM, Ben Shaw <[email protected]> wrote:

> Hi All
>
> I am just doing some practice on protocol inspection using MPF on ASA. I
> am generally using ACLs to match my traffic in my L3/L4 class maps though
> at times the answers I see match just on the port number.
>
> Apart from being able to define source and destination IP addresses in
> ACLs as compared to matching just on a port number in a class map, are
> there any deeper benefits to matching on one or the other when using MPF,
> especially in regards to then implementing L7 application inspection? Below
> is what I mean:
>
> Option 1
> access-list http-out extended permit tcp any any eq http log
> class-map http-outside
>  match access-list http-out
>
> Option 2
> class-map http-outside
>  match port tcp eq 80
>
> Thanks
> Ben
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
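The layout described in the reply above, written out as the resulting ASA configuration. This is an added example, not part of either message: the server address 192.0.2.10 and the names ftp-2121-acl and ftp-2121-class are constructed, and it reads "remove the default inspection" as taking the default class out of the policy and re-adding it beneath the custom class.

```cisco
! Constructed example: 192.0.2.10, ftp-2121-acl and ftp-2121-class are assumptions
!
! ACL form: only FTP control sessions to this one server on tcp/2121 are classified
access-list ftp-2121-acl extended permit tcp any host 192.0.2.10 eq 2121
!
class-map ftp-2121-class
 match access-list ftp-2121-acl
!
! Port-only form, shown for comparison: classifies tcp/2121 to any address
! class-map ftp-2121-class
!  match port tcp eq 2121
!
! Default class: matches the well-known inspection ports (FTP control on tcp/21)
class-map inspection_default
 match default-inspection-traffic
!
! Custom class first, default class below it, as the reply describes
policy-map global_policy
 class ftp-2121-class
  inspect ftp
 class inspection_default
  inspect ftp
!
service-policy global_policy global
```

With the ACL form the FTP inspection engine on the non-standard port is applied only to the named server, and `show service-policy` shows the per-class inspection counters once traffic has passed.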
