I am trying to apply TCP Intercept to my serial int on the border router. When creating the ACL for TCP-I, is it effective for In-bound traffic only or In and Out? I am also debating between Watch Mode and Intercept. I want to use Watch at first because we are not sure how some of our server load balancers are going to react to the change. Any suggestions on the modes? What about adjusting the timers? I want to change the watch timeout to 15 sec and finrst-timeout to 3 secs, any advice?
A deny in the ACL referenced will only deny traffic from being watched.
ACLs can be applied in many different places. An important point to remember is that the ACL is only relevant to the process referenced. When an interface references an ACL, traffic can be blocked or permitted across the router. However, ACLs attached to processes affect traffic 'traversing' those processes, i.e. dialer-lists, watch-lists, QoS classes, TCP Intercept.
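
A configuration sketch matching the question and the reply above, as an added example that is not part of the original thread. The ACL number 101 and the 192.0.2.0/24 addresses (documentation range) are constructed placeholders; the `deny` line only exempts the hypothetical load-balancer VIP from being watched and does not block its traffic.

```cisco
! ACL referenced by the TCP Intercept process (not applied to an interface).
! deny   = do not watch/intercept these connections (traffic still passes)
! permit = connections to these destinations are subject to TCP Intercept
access-list 101 deny   tcp any host 192.0.2.10
access-list 101 permit tcp any 192.0.2.0 0.0.0.255
!
! Bind the ACL to TCP Intercept (global configuration command)
ip tcp intercept list 101
!
! Start in watch mode: the router observes the handshake passively and
! resets connections that do not complete within the watch timeout
ip tcp intercept mode watch
!
! Timers from the question: 15 s for a watched connection to reach
! established state, 3 s to keep managing a connection after FIN/RST
ip tcp intercept watch-timeout 15
ip tcp intercept finrst-timeout 3
!
! Verification from privileged EXEC
! show tcp intercept connections
! show tcp intercept statistics
```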