RE: TCP Intercept

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Wed Sep 01 2004 - 14:02:08 GMT-3


Tim,

        You *must* define the ACL, regardless of whether or not it
matches any destinations, or a subset of destinations.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> ccie2be
> Sent: Wednesday, September 01, 2004 6:16 AM
> To: akbar khan; ccielab@groupstudy.com
> Subject: Re: TCP Intercept
>
> Akbar,
>
> Thanks for getting back to me. I also was able to confirm that for a
> router you can choose between either mode but can't use both. It's either
> intercept or watch mode for all TCP connections (or just those specified
> in the acl).
>
> Tim
> ----- Original Message -----
> From: "akbar khan" <ciscokhan@hotmail.com>
> To: <ccie2be@nyc.rr.com>; <ccielab@groupstudy.com>
> Sent: Wednesday, September 01, 2004 1:26 AM
> Subject: RE: TCP Intercept
>
>
> > Hey Tim,
> >
> > The TCP intercept mode or watch mode is configured on the router on all
> > common TCP sessions hence you cannot use either mode for some TCP
> > sessions.
> >
> > BTW be aware of the ACL you use here i.e. access-list 101 permit tcp any
> > host x.x.x.x where any is any source and x is the destined server that
> > needs to be watched.
> >
> > Hope that Helps,
> >
> > Akbar Khan
> >
> > CCIE#13737
> >
> > > From: "ccie2be" <ccie2be@nyc.rr.com>
> > > Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
> > > To: "Group Study" <ccielab@groupstudy.com>
> > > Subject: TCP Intercept
> > > Date: Mon, 30 Aug 2004 18:25:04 -0400
> > >
> > > Hi guys,
> > >
> > > I've just been going over the above feature and it looks like it's not
> > > possible to configure the router to use Intercept Mode for some tcp
> > > connections and Watch Mode for other connections.
> > >
> > > Can someone confirm or correct my understanding?
> > >
> > > From what I can tell, the command, ip tcp intercept list acl#, just
> > > specifies which tcp connections are subject to tcp intercept. While the
> > > command, ip tcp intercept mode <intercept | watch >, specifies which
> > > mode to use for the tcp connections already specified by the first
> > > command.
> > >
> > > If this is true then it's not possible to use different modes for
> > > different connections - unless there's something I'm missing.
> > >
> > > If there is a way to use different modes for different connections,
> > > could someone provide an example of how that could be configured?
> > >
> > > Thanks for any help that can be offered. Tim



This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:34 GMT-3