If CGMP/IGMP snooping are enabled on a slew of switches, but there is no IGMP Router nor is there an IGMP snooping Querier, how will the network react?
You can use the Cisco ACS to assign dynamic ACLs based on a user or group that that user is in.Here's a link that shows what you're looking for. It's quite nice once it's setup. http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_configur...
key-id = rsa-sig.key-id means to use an RSA PKI key to identify the user, instead of hostname or address.I would identify by address, and use a dynamic crypto-map.
1. You only normally need to nat if you have overlapping IPs or PAT if you want to conserve public IPs.2. access-list no_nat_2_dmz permit ip 10.10.10.0 255.255.255.224 30.30.30.0 255.255.255.0access-list no_nat_2_Inside permit ip 30.30.30.0 255.255.2...
"show service-policy global" is about as good as it gets.Of course you can setup other service policies and different class-maps to inspect different protocols. It's not as nice as NBAR, but it may do the trick depending on what you're looking for
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455c72.htmlConfiguring NAT Traversal NAT Traversal is a feature that is auto detected by VPN devices. There are no configuration steps for a router running Cisco...
