Re: TCP Intercept

From: ccie2be (ccie2be@nyc.rr.com)
Date: Wed Sep 01 2004 - 08:16:20 GMT-3

• Next message: Brech: "foto"
• Previous message: akbar khan: "RE: ODR issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Akbar,

Thanks for getting back to me. I also was able to confirm that for a router
you can choose between either mode but can't use both. It's either
intercept or watch mode for all TCP connections (or just those specified in
the acl).

Tim
----- Original Message -----
From: "akbar khan" <ciscokhan@hotmail.com>
To: <ccie2be@nyc.rr.com>; <ccielab@groupstudy.com>
Sent: Wednesday, September 01, 2004 1:26 AM
Subject: RE: TCP Intercept

> Hey Tim,
>
> The TCP intercept mode or watch mode is configured on the router on all
> common TCP sessions hence you cannot use either mode for some TCP
> sessions.
>
> BTW be aware of the ACL you use here i.e. access-list 101 permit tcp any
> host x.x.x.x where any is any source and x is the destined server that
> need to be watch.
>
> Hope that Helps,
>
> Akbar Khan
>
> CCIE#13737
>
> >From: "ccie2be" <ccie2be@nyc.rr.com> >Reply-To: "ccie2be"
> <ccie2be@nyc.rr.com> >To: "Group Study" <ccielab@groupstudy.com>
> >Subject: TCP Intercept >Date: Mon, 30 Aug 2004 18:25:04 -0400 > >Hi
> guys, > >I've just been going over the above feature and it looks like
> it's not >possible to configure the router to use Intercept Mode for some
> tcp >connections and Watch Mode for other connections. > >Can someone
> confirm or correct my understanding? > >From what I can tell, the
> command, ip tcp intercept list acl#, just specifies >which tcp
> connections are subject to tcp intercept. While the command, ip tcp
> >intercept mode <intercept | watch >, specifies which mode to use for the
> tcp >connections already specified by the first command. > >If this is
> true then it's not possible to use different modes for different
> >connections - unless there something I'm missing. > >If there is a way
> to use different modes for different connections, could >someone provide
> an example of how that could be configured? > >Thanks for any help that
> can be offered. Tim >
> >_______________________________________________________________________
> >Please help support GroupStudy by purchasing your study materials from:
> >http://shop.groupstudy.com > >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
> ------------------------------------------------------------------------
>
> The new MSN 8: smart spam protection and 2 months FREE*
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Brech: "foto"
• Previous message: akbar khan: "RE: ODR issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:34 GMT-3