Hi,
I want to create a security model where one VLAN is more trusted than the other (like PIX/ASA or a router with inspection enabled). However, when I want to create a TCP or UDP inspection I can only select between a limited number of protocols.
I've created 2 class maps:
class-map match-all TCP_INSPECT
  2 match port tcp any
class-map match-all UDP_INSPECT
  2 match port udp any
Then I combined them into a policy-map:
policy-map multi-match INSPECTION
  class TCP_INSPECT
  class UDP_INSPECT
However, when I enter the policy-map\TCP_INSPECT I can only choose between:
  dns   Configure dns inspection
  ftp   Configure ftp inspection
  http  Configure http inspection
  icmp  Configure icmp inspection
  rtsp  Configure rtsp inspection
However, I do have, for example, SMB traffic running from one VLAN to the other. How can I inspect that traffic so I don't have to enter an extra access-list entry?