[c-nsp] Cbac problem

Kevin Graham mahargk at gmail.com
Mon Aug 15 22:40:39 EDT 2005


On 8/15/05, Richard Doty (US) <richard.doty at us.didata.com> wrote:
> The inspection option for HTTP is just for java applet inspection, not
> for HTTP traffic on 80 or 443.

He is also using appfw, which is far more useful, though the 'ip
inspect NAME http' should definately be removed (I have no idea what
the behavior is if both are enabled). One thing to note w/ appfw is
the default of 10 max conns per dst address.

(now if only you could give an acl to each ip inspect rule...)



More information about the cisco-nsp mailing list