Cisco Support Community
New Member

ACE tcp & udp inspection

Hi,

I want to create a security model where one VLAN is more trusted than the other (like PIX/ASA or a router with inspection enabled). However, when I want to create a TCP or UDP inspection, I can only select between a limited number of protocols.

I've created 2 class maps:

    class-map match-all TCP_INSPECT
      2 match port tcp any
    class-map match-all UDP_INSPECT
      2 match port udp any

Then combined them into a policy-map:

    policy-map multi-match INSPECTION
      class TCP_INSPECT
      class UDP_INSPECT

However, when I enter the policy-map\TCP_INSPECT I can only choose between:

    dns   Configure dns inspection
    ftp   Configure ftp inspection
    http  Configure http inspection
    icmp  Configure icmp inspection
    rtsp  Configure rtsp inspection

However, I do have, for example, SMB traffic running from one VLAN to the other. How can I inspect that traffic so I don't have to enter an extra access-list entry?

1 REPLY
Cisco Employee

Re: ACE tcp & udp inspection

The ACE module comes with a limited amount of security features.

You will not have all the PIX or FWSM features on the ACE module.

This is mostly a load balancer with some security features.

Gilles.
