I need to filter inbound HTTP requests <outside> to <dmz> headed to www.XYZ.com/XXX/admin/XXX.jsp. My regex is:    regex HACKBLOCK "*/admin/.*\.jsp*" My class-maps are:  ! class-map type regex match-any HACKBLOCK_METHOD match regex GET class-map XXXXTWBLOCK match access-list HACKBLOCK_HOSTS class-map type regex match-any HACKBLOCK_URL match regex HACKBLOCK class-map type inspect http match-all HACKBLOCK_FILTER match request uri regex class HACKBLOCK_URL class-map inspection_default match default-inspection-traffic My policy-maps are: ! policy-map type inspect http HACKBLOCK_HTTP parameters class HACKBLOCK_FILTER   log policy-map global_policy class inspection_default   inspect ftp   inspect h323 h225   inspect netbios   inspect rsh   inspect rtsp   inspect sip   inspect skinny   inspect sqlnet   inspect sunrpc   inspect tftp   inspect xdmcp   inspect dns   inspect h323 ras class XXXXTWBLOCK   inspect http HACKBLOCK_HTTP policy-map OUTSIDE class XXXXTWBLOCK   inspect http HACKBLOCK_HTTP class class-default policy-map type inspect dns migrated_dns_map_1 parameters   message-length maximum 1200 As you can see, I added the inspection rule to a seperate class name ENPROTWBLOCK.  This matches traffic based on destination of our class C.  I see that I am matching traffic in the ACL, but no matches on the HTTP inspection rule: #sh service-pol inspec http ! Global policy:   Service-policy: global_policy     Class-map: inspection_default     Class-map: XXXXTWBLOCK       Inspect: http HACKBLOCK_HTTP, packet 745097, drop 0, reset-drop 0         protocol violations           packet 34206         class HACKBLOCK_FILTER           log, packet 0 enp-amer-clt-pix525-a# I am generating bogus traffic to http://www .<ourdomain>.com/admin/test.jsp Any idea whats going on here and why I am not macthing the HTTP uri's ???? Thanks, Matthias  CCIE# 28445 ... View more

I am trying to restore a certificate CA as a test to fulfill some DR requirements.  I amusing IOS 12.4 (25c) with the database archive feature.  I have in nvram on my test box: RootCA.crl RootCA.ser Rootca_00001.pem RootCA.#1cer RootCA.ca I ty to restore the pem file using both the cut and paste (terminal) and URL methid, I get a: "No enrollment sessions are currently active" and the import fails. What am I doing wrong here ?? ... View more

Hello, I have a 3825 configured to be the root CA and trustpoint for a PKI based DMVPN deployment.  We are preparing for a DR exercise and we would like to have outlined a procedure for recovering this router.  I dont know this procedure and woudl love some insight from someone who has done this before.  The issue I see si that I cannot export the root (0x1) certificate from the router.  Without the root certificate, I cannot restore the trust chain on another router.  I see the .cer files in nvram, but I imagine that they are encrypted and cannot be read by anything but the owner. Any ideas ?? ... View more