*Hello Experts,*
**
*Kindly provide your valued suggestions over the following configuration if
configured in 6500 FWSM. *
**
*I wish if you provide your valued inputs over the point that if this
configuration is done in real time in live working environmet than is there
any impact of it on other services ?*
*Step -1 :- I have created an access-list called �microhttp�.*
*access-list microhttp extended deny ip host 172.30.30.44 host 172.20.2.79*
*access-list microhttp extended deny ip host 172.30.30.45 host 172.20.2.79*
*access-list microhttp extended deny ip host 172.20.2.79 host 172.30.30.44*
*access-list microhttp extended deny ip host 172.20.2.79 host 172.30.30.45*
*access-list microhttp extended permit ip any any*
*Step -2 :- I have created a class-map called �microhttp�*
*class-map microhttp*
* match access-list microhttp*
*Step-3 :- In global policy-map I have called this class-map.*
*FWSM-CORE1(config)# policy-map global_policy*
*FWSM-CORE1(config-pmap)# class microhttp*
*Step-4 :- In class-map microhttp, I am inspecting �http� packets.*
*FWSM-CORE1(config-pmap-c)#inspect http*
*Step -5 :- I went back to the global policy-map.*
*FWSM-CORE1(config-pmap-c)# exit*
*FWSM-CORE1(config-pmap)#*
*Step-6 :- I went into the default class-map and I have removed the http
inspection from global policy-map.*
*FWSM-CORE1(config-pmap)# class inspection_default*
*FWSM-CORE1(config-pmap)#*
*FWSM-CORE1(config-pmap)# no inspect http*
Thank you,
*Best Regards,*
*Shahnawaz Khot*
**
Blogs and organic groups at http://www.ccie.net
Received on Thu Dec 02 2010 - 20:23:43 ART