Hi Ajay,
You are right there. TCP is a superset of telnet and therefore when you
match tcp, matching telnet later on does not do much for you.
HTH,
Sadiq
On Fri, Aug 14, 2009 at 7:14 PM, Ryan West <rwest_at_zyedge.com> wrote:
> Ajay,
>
> Give this a read, the inspect is a little more sophisticated than a
> reflexive state based ACL.
>
>
> http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008064730a.shtml
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Ajay mehra
> Sent: Friday, August 14, 2009 1:38 PM
> To: ccielab_at_groupstudy.com
> Subject: doubts on matching traffic in CBAC
>
> Hi,
>
> Using CBAC we can match different types of traffic like tcp, udp , smtp
> telnet etc...
>
>
> ip inspect name CBAC tcp
> ip inspect name CBAC udp
> ip inspect name CBAC smtp
> ip inspect name CBAC telnet
>
>
> With above configuration I have a doubt that if inspection of tcp is
> enabled
> in 1st statement then is there any significance of having smtp in 3rd
> statement? would not tcp keyword also match all the traffic which uses tcp
> like smtp and telnet uses tcp port 25 and 23.
>
> Thanks for your help
> Ajay
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- CCIE #19963 Blogs and organic groups at http://www.ccie.netReceived on Mon Aug 17 2009 - 21:26:07 ART
This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:56 ART