From: Marvin Greenlee (mgreenlee@ipexpert.com)
Date: Thu Jul 31 2008 - 14:05:35 ART
How are you trying to "see" the watched traffic?
Connections need to be traffic passing through the device for TCP intercept.
What do the outputs of 'show tcp int connections' and 'show tcp int
statistics' say?
Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: mgreenlee@ipexpert.com
Progress or excuses, which one are you making?
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Christopher Copley
Sent: Wednesday, July 30, 2008 7:11 PM
To: ccielab@groupstudy.com
Subject: TCP intercept
Experts,
I am working with TCP intercept and noticed I can only get my router to
see watched traffic and get any debug output if I disable CEF
switching. My config looks like this...
===================================
no ip cef
access-list 199 permit tcp any 150.1.4.0 0.0.0.255 eq www
ip tcp intercept list 199
ip tcp intercept connection-timeout 3600
ip tcp intercept max-incomplete low 1200
ip tcp intercept max-incomplete high 1500
ip tcp intercept drop-mode random
===================================
Is this normal behavior? And if I am in the lab and the only way I am able to get
any TCP intercept debug output to work is to disable CEF, should I do it?
Thanks
Chris
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:58 ART