From: mahmoud genidy (ccie.mahmoud@gmail.com)
Date: Mon Feb 23 2009 - 23:56:31 ARST
This will be great ...
On Tue, Feb 24, 2009 at 12:14 PM, Ivan Walker <ivan@itpro.co.nz> wrote:
> I think I will have to lab this one up to test. As this has been quite a
> popular topic without a valid confirmed answer. A few have stated that
> return traffic associated with the request is also matched but so far I fail
> to comprehend how out matching and policing outbound to a web server will
> magically enable policing inbound for reply traffic from that web server.
> If this was the case what would happen if there was an existing inbound
> policy in place that conflicts?
>
> Ivan
>
> Dale Shaw wrote:
>
>> Hi,
>>
>> On Tue, Feb 24, 2009 at 9:51 AM, mahmoud genidy <ccie.mahmoud@gmail.com>
>> wrote:
>>
>>
>>> Ok, now how we can match the traffic coming from SPECIFIC web-server
>>> (Server->Client) if I can't match based on HOST and URL?
>>> Of course assuming I don't have the IP address of the web-server.
>>>
>>>
>>
>> If you classify the traffic using 'match protocol http host' or 'match
>> protocol http url' in a service-policy applied OUT (i.e. catching the
>> HTTP GET), the return traffic associated with the original outbound
>> request is matched also -- i.e. the web server's response to the
>> original request.
>>
>> The direction of the traffic you classify doesn't _really_ matter.
>> This is (very) briefly explained in either the config guide or command
>> reference (I forget which).
>>
>> cheers,
>> Dale
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:12 ARST