About bistevins

bistevins · 05-02-2011

Hello all,I have a tolopogy close to the one in the diagram. Default route is through ISP1, but I need 10.0.0.2 have default through ISP2. So, I've attached a route-map at G0/0.10:interface GigabitEthernet0/0.10description DMZencapsulation dot1Q 10ip...

bistevins · 04-20-2011

Hi all,I'm struggling to export traffic on an interface to a Linux box on LAN running tcpdump (later an IDS).I'v been following instructions on http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html but I get no traffic at all on the linux b...

bistevins · 05-07-2011

Well, it's working now.After one test after another, I've found that if I inspect tcp protocol, it works OK:Class Map type inspect match-all CMAP-MAIL (id 108) Match access-group name ACL-MAIL1 Match protocol tcpExtended IP access list ACL-MAIL1 ...

bistevins · 05-05-2011

cadetalain wrote:Can you also put a log keyword in each class in your policy-maps and see if you've got a log message.I can't find where to add the log keyword under each policy-map. Is it at class-default and adding "drop log"?

bistevins · 05-04-2011

This the output of debug ip packet detail when there is traffic toward port 22:IP: tableid=0, s=10.0.0.2 (local), d=8.8.8.8 (Vlan2), routed via FIBIP: s=10.0.0.2 (local), d=8.8.8.8 (Vlan2), len 40, sending TCP src=43935, dst=22, seq=3940800076, ack=0...

bistevins · 05-04-2011

So now you know the first SYN segment is dropped due to ZBF policy.I would classify smtp traffic for this private ip address in a class-map then in the policy- map I would do a inspect and apply from ISP2 zone to DMZ zone.If DMZ->ISP2 is inspected un...

bistevins · 05-04-2011

Hi, thx for the tip. I've found this:IP: tableid=0, s= (GigabitEthernet0/0.10), d=74.125.45.27 (Vlan2), routed via FIB ## (vlan2 is connected to ISP1) ##IP: s= (GigabitEthernet0/0.10), d=74.125.45.27 (vlan3), len 60, dropped by inspect ## (vla...

Member Since	‎04-20-2011 09:12 AM
Date Last Visited	‎08-18-2017 03:53 AM
Posts	11

User Statistics

User Activity

SMTP can't go through

ip traffic-export - SOLVED

Re: SMTP can't go through

Re: SMTP can't go through

Re: SMTP can't go through

Re: SMTP can't go through

Re: SMTP can't go through