Eugene, Hi! Yeah well, the "non standard port" was ctiqbe... it was 20something... if I tried to do ip port-map telnet tcp port 20something, it will give me an error. I didn't actually complete the question correctly, cuz the building where I study was about to close :P.

So what I did was the following:

access-list 99 permit any
ip port-map telnet tcp 20something list 99

The reason for the any is that it didn't say to a specific server.

Mike.

From: [email protected]
To: [email protected]; [email protected]
Subject: RE: [OSL | CCIE_Security] Zone based Firewall Port Map
Date: Tue, 24 Jul 2012 06:05:09 +0000

If the task is not very eloquent in describing how to inspect non-standard telnet, wouldn't it be acceptable to add this non-standard telnet port to ip-port mapping and then just inspect telnet?

Eugene

From: [email protected] [mailto:[email protected]] On Behalf Of Mike Rojas
Sent: Monday, July 23, 2012 9:58 PM
To: [email protected]
Subject: [OSL | CCIE_Security] Zone based Firewall Port Map

Hi Everyone,

Quick one, with zone based if they tell you to inspect telnet on a non standard port, does zone based also use the system ports? Or should we use an access list permitting the traffic on port 23 and have it being inspected as regular tcp traffic? Since it didn't say anything to a specific server, I created an access-list with the any keyword and mapped the port to tcp.. I'm not sure if that is correct.

Mike
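The approach Eugene suggests (map the non-standard port to telnet with ip port-map, then inspect telnet in the zone-based policy) written out as a complete IOS configuration. This is an added example, not configuration posted by anyone in the thread. The port 2023, the ACL number 99, the interface names and the zone, class-map and policy-map names are all placeholders chosen here; the thread never states the actual port. The ip port-map line uses the keyword order as documented for IOS (application, then port, then tcp/udp, then the number), which differs from the order in Mike's reply.

```cisco
! Standard ACL selecting which hosts the custom mapping applies to.
! "permit any" because the task named no specific server (same reasoning as in the thread).
access-list 99 permit any

! Map TCP/2023 (placeholder port) to the telnet application, scoped by ACL 99.
! System-defined applications such as telnet can be mapped to a non-standard port this way.
ip port-map telnet port tcp 2023 list 99

! Security zones and interface membership (placeholder interface names).
zone security INSIDE
zone security OUTSIDE
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security OUTSIDE

! Inspect telnet by protocol; because of the port map, TCP/2023 is now classified as telnet.
class-map type inspect match-any CM-TELNET
 match protocol telnet

policy-map type inspect PM-IN-OUT
 class type inspect CM-TELNET
  inspect
 class class-default
  drop

zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-IN-OUT

! Verification:
!   show ip port-map telnet            -> lists the system port 23 plus the user-defined 2023 entry
!   show policy-map type inspect zone-pair IN-OUT sessions
!                                      -> shows telnet sessions to port 2023 being tracked
```

The benefit over matching the port with an ACL and inspecting generic tcp is that telnet-specific inspection (rather than plain TCP state tracking) is applied, and the mapping is visible in show ip port-map rather than buried in an ACL.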
