TCP intercept

From: Christopher Copley (copley.chris@gmail.com)
Date: Wed Jul 30 2008 - 20:11:28 ART

• Next message: Alexei Monastyrnyi: "Re: Good job CISCO!!!!"
• Previous message: Huzefa: "Re: PING"
• Next in thread: Scott Strobeck: "Re: TCP intercept"
• Maybe reply: Scott Strobeck: "Re: TCP intercept"
• Maybe reply: Marvin Greenlee: "RE: TCP intercept"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Experts,

I am working with TCP intercept and noticed I can only get my router to
see watched traffic and get any debug output unless I disable cef
switching. My config looks like this...

===================================
no ip cef

access-list 199 permit tcp any 150.1.4.0 0.0.0.255 eq www

ip tcp intercept list 199
ip tcp intercept connection-timeout 3600
ip tcp intercept max-incomplete low 1200
ip tcp intercept max-incomplete high 1500
ip tcp intercept drop-mode random
===================================

Is this normal behavior? And if I am in the lab and I am only able to get
any tcp intercept debug output to work is to disable cef should I do it?

Thanks
Chris

Blogs and organic groups at http://www.ccie.net

• Next message: Alexei Monastyrnyi: "Re: Good job CISCO!!!!"
• Previous message: Huzefa: "Re: PING"
• Next in thread: Scott Strobeck: "Re: TCP intercept"
• Maybe reply: Scott Strobeck: "Re: TCP intercept"
• Maybe reply: Marvin Greenlee: "RE: TCP intercept"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:58 ART