Step 12
*match request port-misuse* {*im* | *p2p* | *tunneling* | *any*}
Example:
Router(config-cmap)# match request port-misuse any
--
Garry L. Baker

"There is no 'patch' for stupidity." - www.sqlsecurity.com

On Tue, Dec 14, 2010 at 4:00 PM, Jack Router <pan.router_at_gmail.com> wrote:

> Hello,
>
> I am playing with ZBF in my lab. It works OK but I cannot figure out how to
> configure deep packet inspection. Here is the setup:
>
>  DMZ               OUTSIDE
> R4--|
>     |--(F0/1)R1(S1/1)--R3
> R5--|
>
> So far I configured ZBF on R1 to allow access from OUTSIDE to R5, http only.
> This config works OK. I can telnet from R3 to R5 on port 80.
>
> My question is how to add deep packet inspection so only real http traffic
> will pass. Telnet on port 80 should be denied.
>
> class-map type inspect match-all cmOUTSIDE-R5
>  match protocol http
>  match access-group name R5
>
> policy-map type inspect pmOUTSIDE2DMZ
>  class type inspect cmOUTSIDE-R5
>   inspect
>
> zone-pair security zOD source OUTSIDE destination DMZ
>  service-policy type inspect pmOUTSIDE2DMZ

Received on Tue Dec 14 2010 - 16:13:49 ART
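One way to attach the HTTP class-map step from the reply to the zone-pair policy in the original question, as an added example that is not from either poster or from Cisco's documentation. The names cmHTTP-DPI and pmHTTP-DPI are hypothetical, and the `match req-resp protocol-violation` line goes beyond the reply's `port-misuse` step: it is the HTTP inspection match for traffic on the port that does not conform to the HTTP protocol.

```cisco
! Added example. cmHTTP-DPI and pmHTTP-DPI are hypothetical names;
! cmOUTSIDE-R5, pmOUTSIDE2DMZ and zOD come from the original question.
!
! Layer 7 class-map: what counts as "not real HTTP" on the inspected port.
class-map type inspect http match-any cmHTTP-DPI
 ! IM, P2P or tunneling applications riding over HTTP (the step in the reply)
 match request port-misuse any
 ! Requests or responses that do not conform to the HTTP protocol
 ! (assumption: this is the match that covers a raw telnet session on port 80)
 match req-resp protocol-violation
!
! Layer 7 policy-map: log and reset the TCP session on a match.
policy-map type inspect http pmHTTP-DPI
 class type inspect http cmHTTP-DPI
  log
  reset
!
! Existing Layer 3/4 policy: keep "inspect" and nest the HTTP policy
! under the same class so it applies only to traffic already matched as
! HTTP to R5.
policy-map type inspect pmOUTSIDE2DMZ
 class type inspect cmOUTSIDE-R5
  inspect
  service-policy http pmHTTP-DPI
!
! The zone-pair is unchanged; it already references pmOUTSIDE2DMZ.
zone-pair security zOD source OUTSIDE destination DMZ
 service-policy type inspect pmOUTSIDE2DMZ
```

To check the result in the lab, repeat the telnet from R3 to R5 on port 80 and look at `show policy-map type inspect zone-pair zOD sessions` on R1 for the class counters and any remaining session.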
This archive was generated by hypermail 2.2.0 : Sat Jan 01 2011 - 09:37:49 ART