I have an access-list established already, but I would like to add TCP intercept on this router. It would only filter on one network (range). Basically my DMZ. Do I add the statement "access-list xxx permit tcp any (network host section)" to my established access-list or do I create a new one? I imagine that this statement would follow all my deny statements and come before my "ip any any" command. Is this correct?
Thanks for the information. But I think my problem is applying 2 ACLs to one interface. Both would have to be TCP, that's why I ask where I put the explicit line for the intercept command that will be applied to the Serial /0 interface. Will it read all the lines, ignoring all except the one meant for it? I am generating part of my access list dynamically from an IDS (NetRanger) and some parts are permanent.