ACE tcp & udp inspection

Unanswered Question
Feb 13th, 2007


I want to create a security model where one VLAN is more trusted than the other (like a PIX/ASA or a router with inspection enabled). However, when I want to create a TCP or UDP inspection, I can only select between a limited number of protocols.

I've created 2 class maps:

class-map match-all TCP_INSPECT
  2 match port tcp any

class-map match-all UDP_INSPECT
  2 match port udp any

Then combined them into a policy-map:

policy-map multi-match INSPECTION



However, when I enter policy-map\TCP_INSPECT, I can only choose between:

  dns   Configure dns inspection
  ftp   Configure ftp inspection
  http  Configure http inspection
  icmp  Configure icmp inspection
  rtsp  Configure rtsp inspection

However, I do have, for example, SMB traffic running from one VLAN to the other. How can I inspect that traffic so I don't have to enter an extra access-list entry?

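As an added example (not from the original thread and not Cisco documentation), here is the shape of ACE configuration the question points toward: inspection only for the protocols the ACE can inspect, and an access-list entry for SMB, which it cannot. VLAN numbers, subnets and addresses are constructed; the CLI syntax is as I recall it for the ACE and should be checked against your software version.

```cisco
! Added example, not the thread author's configuration.
! Constructed topology: VLAN 10 trusted (10.1.10.0/24),
! VLAN 20 less trusted (10.1.20.0/24).

! 1. Inspection is limited to what the ACE supports, so the class maps
!    match those protocols by port rather than "tcp any" / "udp any".
class-map match-all HTTP_INSPECT
  2 match port tcp eq 80
class-map match-all DNS_INSPECT
  2 match port udp eq 53

policy-map multi-match INSPECTION
  class HTTP_INSPECT
    inspect http
  class DNS_INSPECT
    inspect dns

! 2. SMB (TCP 445) cannot be inspected, so the trust boundary for it is
!    the ACL. The ACE denies traffic no ACL permits, so only the listed
!    flows may be initiated from VLAN 10 toward VLAN 20.
access-list TRUSTED_OUT line 10 extended permit tcp 10.1.10.0 255.255.255.0 10.1.20.0 255.255.255.0 eq 445
access-list TRUSTED_OUT line 20 extended permit tcp 10.1.10.0 255.255.255.0 10.1.20.0 255.255.255.0 eq 80
access-list TRUSTED_OUT line 30 extended permit udp 10.1.10.0 255.255.255.0 10.1.20.0 255.255.255.0 eq 53
! Assumption: the ACE tracks flows statefully, so return packets of these
! connections need no permit entry on VLAN 20. Anything VLAN 20 should be
! allowed to initiate toward VLAN 10 needs its own ACL on that interface.

interface vlan 10
  description trusted side
  ip address 10.1.10.1 255.255.255.0
  access-group input TRUSTED_OUT
  service-policy input INSPECTION
  no shutdown

interface vlan 20
  description less-trusted side
  ip address 10.1.20.1 255.255.255.0
  no shutdown
```

The point the thread makes still holds: the ACE applies protocol inspection only to the listed protocols, so the ACL, not inspection, is what controls SMB between the VLANs.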
Gilles Dufour Tue, 02/13/2007 - 07:38

The ACE module comes with a limited amount of security features.

You will not have all the PIX or FWSM features on the ACE module.

This is mostly a load balancer with some security features.


