This is more of an ideological concern with the TCP Interceptor.
First of all, I wonder how many people employ this on their LANs?
Is this a technology that makes sense for a LAN or more at the edge?
This technology was "uncovered" for me due to a security audit on my network. And it is suggested that this service be run in an attempt to protect against DoS attacks.
Also, if you do run this, do you operate it in Watch or Intercept mode? I am currently running this in Watch mode, which isn't exactly passive in the sense that it takes action after a certain timeout is reached. This timeout has caused a few problems with some application on my network. Those include TCP connections to mainframe (for lack of better word) and non-Cisco related VoIP calls.
I wonder how widespread this technology is, as far as use goes.
The Personal Assistant interceptor ports identify the phone extensions that Personal Assistant will intercept from Cisco CallManager. You configure these ports in Cisco CallManager as CTI route points and identify them in the Personal Assistant server configuration. The route points configuration allows Personal Assistant to intercept the calls.
You can use wildcards when creating the route points so that one route point covers many extensions. For example, the route point 1XXX covers all extensions from 1000 to 1999.
When you configure the interceptor ports, you should also set up the call forwarding configuration for interceptor port error handling to allow calls to go through to the extension if the Personal Assistant server is unavailable. The way you configure interceptor port error handling will differ depending on the version of Cisco CallManager that the system uses .
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...