GroupStudy.com - A virtual community of network engineers
RE: TCP Intercept posted 09/01/2004


Tim,

	You *must* define the ACL, regardless of whether or not it
matches any destinations, or a subset of destinations.


HTH,

Brian McGahan, CCIE #8593
bmcgahan@xxxxxxxxxxxxxxxxxxxxxx 

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
> ccie2be
> Sent: Wednesday, September 01, 2004 6:16 AM
> To: akbar khan; ccielab@xxxxxxxxxxxxxx
> Subject: Re: TCP Intercept
> 
> Akbar,
> 
> Thanks for getting back to me.  I also was able to confirm that for a
> router you can choose between either mode but can't use both.  It's either
> intercept or watch mode for all TCP connections (or just those specified
> in the acl).
> 
> Tim
> ----- Original Message -----
> From: "akbar khan" <ciscokhan@xxxxxxxxxxx>
> To: <ccie2be@xxxxxxxxxx>; <ccielab@xxxxxxxxxxxxxx>
> Sent: Wednesday, September 01, 2004 1:26 AM
> Subject: RE: TCP Intercept
> 
> 
> > Hey Tim,
> >
> > The TCP intercept mode or watch mode is configured on the router on all
> > common TCP sessions hence you cannot use either mode for some TCP
> > sessions.
> >
> > BTW be aware of the ACL you use here i.e. access-list 101 permit tcp any
> > host x.x.x.x where any is any source and x is the destined server that
> > needs to be watched.
> >
> > Hope that Helps,
> >
> > Akbar Khan
> >
> > CCIE#13737
> >
> > >From: "ccie2be" <ccie2be@xxxxxxxxxx>
> > >Reply-To: "ccie2be" <ccie2be@xxxxxxxxxx>
> > >To: "Group Study" <ccielab@xxxxxxxxxxxxxx>
> > >Subject: TCP Intercept
> > >Date: Mon, 30 Aug 2004 18:25:04 -0400
> > >
> > >Hi guys,
> > >
> > >I've just been going over the above feature and it looks like it's not
> > >possible to configure the router to use Intercept Mode for some tcp
> > >connections and Watch Mode for other connections.
> > >
> > >Can someone confirm or correct my understanding?
> > >
> > >From what I can tell, the command, ip tcp intercept list acl#, just
> > >specifies which tcp connections are subject to tcp intercept.  While the
> > >command, ip tcp intercept mode <intercept | watch >, specifies which mode
> > >to use for the tcp connections already specified by the first command.
> > >
> > >If this is true then it's not possible to use different modes for
> > >different connections - unless there's something I'm missing.
> > >
> > >If there is a way to use different modes for different connections, could
> > >someone provide an example of how that could be configured?
> > >
> > >Thanks for any help that can be offered. Tim
> > >
> > >_______________________________________________________________________
> > >Please help support GroupStudy by purchasing your study materials from:
> > >http://shop.groupstudy.com
> > >
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
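
An added example, not part of the original thread and not Cisco's own tooling: a Python check over constructed running-config text that applies the two points made in the messages above, that `ip tcp intercept list` has to reference an ACL that is actually defined, and that `ip tcp intercept mode` is one router-wide setting shared by every destination the ACL selects. The function name `audit_tcp_intercept` and the sample configs are assumptions for illustration; target listing covers numbered ACL entries only.

```python
import re

# Constructed running-config fragments (sample data, not from the thread).
# 192.0.2.10 is a documentation address standing in for the protected server.
GOOD = """\
access-list 101 permit tcp any host 192.0.2.10
ip tcp intercept list 101
ip tcp intercept mode watch
"""
UNDEFINED_ACL = """\
ip tcp intercept list 120
ip tcp intercept mode watch
"""
MODE_ONLY = """\
ip tcp intercept mode watch
"""


def audit_tcp_intercept(config):
    """Summarise the router-wide TCP Intercept settings and list problems."""
    # ACLs defined in this config: numbered entries and named extended ACLs.
    defined = set(re.findall(r"^access-list (\d+) ", config, re.M))
    defined |= set(re.findall(r"^ip access-list extended (\S+)", config, re.M))
    lists = re.findall(r"^ip tcp intercept list (\S+)", config, re.M)
    modes = re.findall(r"^ip tcp intercept mode (intercept|watch)\s*$",
                       config, re.M)

    acl = lists[-1] if lists else None
    # The mode is one global setting; IOS defaults to intercept when unset.
    mode = modes[-1] if modes else "intercept"
    findings = []
    if acl is None:
        findings.append("no 'ip tcp intercept list' command is configured")
    elif acl not in defined:
        findings.append(f"ACL {acl} is referenced but not defined")
    # Destinations the numbered ACL selects; all of them get the same mode.
    targets = []
    if acl in defined:
        pattern = rf"^access-list {re.escape(acl)} permit tcp (.+)$"
        targets = re.findall(pattern, config, re.M)
    return {"list_configured": acl is not None, "acl": acl, "mode": mode,
            "targets": targets, "findings": findings}


if __name__ == "__main__":
    for name, cfg in [("GOOD", GOOD), ("UNDEFINED_ACL", UNDEFINED_ACL),
                      ("MODE_ONLY", MODE_ONLY)]:
        print(name, audit_tcp_intercept(cfg))
```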