From: ccie az (ccieaz@googlemail.com)
Date: Wed Apr 09 2008 - 07:09:08 ART

Hi Dale,
Thanks for taking the time to try this out. Your workaround is
correct, I did the same thing as you suggest: add an Ethernet interface
off R4 (advertise that network into OSPF in my case) and then attempt
telnet from R5 to a fake address on the Ethernet subnet. It worked
like a charm.
Thanks
Az
2008/4/8 Dale Kling <dalek77@gmail.com>:
> I've managed to replicate your issue and found a fix. I tried to telnet on
> port 80 to a fake address in a subnet on the loopback and I have the same
> issue as you. I then configured an ethernet interface, added that to the
> ACL, and telnetted to that on port 80. Showed up just fine in my tcp
> intercept connections. Try doing the same thing, but to a fake http server
> off an Ethernet interface and let us know how it went.
>
> regards,
>
> Dale
>
> On Tue, Apr 8, 2008 at 2:23 PM, ccie az <ccieaz@googlemail.com> wrote:
>
> > Hi,
> >
> > I am puzzled why my config isn't working here:
> >
> > I have R4 ------- R5
> >
> > R4 is configured as follows:
> >
> > ip tcp intercept list 199
> > ip tcp intercept connection-timeout 3600
> > ip tcp intercept max-incomplete low 1200
> > ip tcp intercept max-incomplete high 1500
> > ip tcp intercept drop-mode random
> >
> > access-list 199 permit tcp any 150.1.4.0 0.0.0.255 eq www
> >
> > Then on R5 I telnet to 150.1.4.100 on port 80. But nothing happens! I
> > have debug tcp intercept and check the show tcp intercept information
> > and nothing!
> >
> > I am sure there is something simple I have missed, just can't work it
> > out. Has anyone else had any issues with this?
> >
> > Thanks
> >
> > Az
> >