From: Dang Quang Minh (minhdq@xxxxxxxxxxxxx)
Date: Wed May 22 2002 - 15:56:30 GMT-3
Hi,
U can use dynamic access-list if I understand ur question correctly.
Ex:
Sanjose(config)#access-list 101 permit tcp 192.168.3.0 0.0.0.255 host 192.168.1.2 eq telnet
Sanjose(config)#access-list 101 dynamic LETMEIN timeout 3 permit ip 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255
Sanjose(config)#int s0/0
Sanjose(config-if)#ip access-group 101 in
Sanjose(config-if)#line vty 0 4
Sanjose(config-line)#login local
Sanjose(config-line)#autocommand access-enable host timeout 2
The autocommand is used to automate the process of creating a temporary
acc-list entry. Upon authentication, access-enable is executed and creates
a temporary entry for ur host.
The 'timeout 3' option in the dynamic acc-list command places an
absolute limit on the amount of time that the hole exists. After 3
minutes, u have to authenticate again...
HTH
Minh
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of CCIE-Maillist
Sent: Wednesday, May 22, 2002 9:10 PM
To: ccielab@groupstudy.com
Subject: tcp intercept
I am trying to configure tcp intercept but don't have any practical
experience with it. If a lab says that you are getting a lot of rogue
packets and to configure it such that hosts can get through every one
and a half minutes, no matter how many rogue packets you are getting-
which setting do you set for the 1.5 minutes?
I am looking on the webpage-
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfdenl.htm
My guess is to set the watch timeout but can someone who has experience
confirm whether or not that is correct?
Thanks,
David
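Added example, not part of the original thread and not Cisco code: a small Python model of access-list 101 from the reply, showing how the absolute limit ('timeout 3' on the dynamic line) and the idle limit ('timeout 2' on access-enable) interact, and that the 'host' keyword opens the hole for the authenticating address only. The class, function names and sample addresses are assumptions made for illustration, and expiry is simplified to a check at packet time.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are "don't care"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

class LockAndKey:
    """Simplified model of access-list 101 above; times are in minutes."""
    ABSOLUTE = 3  # 'timeout 3' on the dynamic LETMEIN line
    IDLE = 2      # 'timeout 2' on access-enable

    def __init__(self):
        self.entries = {}  # authenticated source -> [created_at, last_match]

    def access_enable(self, src, now):
        # 'host' keyword: the temporary entry covers only the authenticating address.
        self.entries[src] = [now, now]

    def permits(self, src, dst, now, tcp_port=None):
        # Drop temporary entries whose absolute or idle timer has run out.
        for s, (created, last) in list(self.entries.items()):
            if now - created >= self.ABSOLUTE or now - last >= self.IDLE:
                del self.entries[s]
        # permit tcp 192.168.3.0 0.0.0.255 host 192.168.1.2 eq telnet
        if (tcp_port == 23 and dst == "192.168.1.2"
                and wild_match(src, "192.168.3.0", "0.0.0.255")):
            return True
        # Temporary entry: permit ip host <src> 10.0.0.0 0.255.255.255
        if src in self.entries and wild_match(dst, "10.0.0.0", "0.255.255.255"):
            self.entries[src][1] = now  # matching traffic resets the idle timer
            return True
        return False  # implicit deny at the end of the list

def demo():
    acl = LockAndKey()
    host, other, inside = "192.168.3.7", "192.168.3.8", "10.1.1.1"  # constructed
    steps = [acl.permits(host, inside, 0.0),             # not authenticated yet
             acl.permits(host, "192.168.1.2", 0.0, 23)]  # telnet to log in
    acl.access_enable(host, 0.0)
    steps += [acl.permits(host, inside, 1.0),    # entry active
              acl.permits(other, inside, 1.0),   # neighbour did not authenticate
              acl.permits(host, inside, 2.5),    # idle 1.5 min, still open
              acl.permits(host, inside, 3.5)]    # absolute 3 min reached
    acl.access_enable(host, 4.0)
    steps.append(acl.permits(host, inside, 6.5))  # idle 2.5 min, closed
    return steps

if __name__ == "__main__":
    print(demo())
```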