From: Dale Kling (dalek77@gmail.com)
Date: Tue Apr 08 2008 - 16:42:08 ART
I've managed to replicate your issue and found a fix. I tried to telnet on
port 80 to a fake address in a subnet on the loopback and I have the same
issue as you. I then configured an ethernet interface, added that to the
ACL, and telnetted to that on port 80. Showed up just fine in my tcp
intercept connections. Try doing the same thing, but to a fake http server
off an Ethernet interface and let us know hot it went.
regards,
Dale
On Tue, Apr 8, 2008 at 2:23 PM, ccie az <ccieaz@googlemail.com> wrote:
> Hi,
>
> I am puzzled why my config isn't working here:
>
> I have R4 ------- R5
>
> R4 is configured as follows:
>
> ip tcp intercept list 199
> ip tcp intercept connection-timeout 3600
> ip tcp intercept max-incomplete low 1200
> ip tcp intercept max-incomplete high 1500
> ip tcp intercept drop-mode random
>
> access-list 199 permit tcp any 150.1.4.0 0.0.0.255 eq www
>
> Then on R5 I telnet to 150.1.4.100 on port 80. But nothing happens! I
> have debug tcp intercept and check the show tcp intercept information
> and nothing!.
>
> I am sure there is something simple I have missed, just cant work it
> out. Has anyone else had any issues with this?
>
> Thanks
>
> Az
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART