TCP Intercept Question

From: Lab Rat #109385382 (techlist01@gmail.com)
Date: Sat Nov 04 2006 - 00:57:17 ART

• Next message: Scott Morris: "RE: Cllass Recommendation"
• Previous message: Haas, Brad: "RE: Cllass Recommendation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

When specifying a list for TCP intercept (i.e. ip tcp intercept list NAME),
is it required to specify the protocol and service in the ACL?

For example, if the questions asks "intercept connections to webserver
1.1.1.1"

Isn't this:

"access-list 100 permit tcp any host 1.1.1.1 eq 80"

Pretty much going to have the same effect as this:

"access-list 100 permit ip any host 1.1.1.1"

I mean, it is TCP that we're talking about here. Is there any benefit to
specifying the service?

Thanks,

Ed

• Next message: Scott Morris: "RE: Cllass Recommendation"
• Previous message: Haas, Brad: "RE: Cllass Recommendation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:45 ART