Defining ICA as interesting traffic

mark-n · ‎06-13-2003

We need to create a dialup connection and check that dialup connection for idle time - once the idle time is reached we need the router to drop the line.

In addition, we need to restrict traffic across the dialler interface to the ICA protocol only (TCP1494 and UDP1604)

Hopefully if we can do both of these then we will allow only remote ICA connections and when the user stops using the ICA protocol, the dialup line will be dropped automatically without the user having to manually hang-up at their end…

Can someone please let me know if this is possible and the ACL lines required in the config to achieve this. We will be using PRI everywhere

Thanks

Mark

tepatel · ‎06-13-2003

Here is the config which define interesting traffic to and from any source and destination with tcp port 1494 and udp port 1604.

You can get idea about how to define or tune interesting traffic using access-list.

int serial0:23

dialer-group 1

!

dialer-list 1 protocol ip list 101

!

access-list 101 permit udp any eq 1604 any

access-list 101 permit udp any any eq 1604

access-list 101 permit tcp any eq 1494 any

access-list 101 permit tcp any any eq 1494