[c-nsp] IOS and Calea Feature Set

Adam Greene maillist at webjogger.net
Fri Oct 31 10:16:14 EDT 2008


Not sure about the Cisco approach to this, but I am doing almost the same 
thing, with the exception that we SPAN from the point of customer entry into 
our network, which in this case is a switch, so all traffic can be captured.

We are using the OpenCALEA standard: http://www.opencalea.org/

Good luck elucidating the Cisco options ... interested to know what people 
have to say about it ....

Thanks,
Adam

----- Original Message ----- 
From: "Frank Bulk" <frnkblk at iname.com>
To: "'Forrest W Christian'" <fwc at mt.net>; <cisco-nsp at puck.nether.net>
Sent: Thursday, October 30, 2008 11:30 PM
Subject: Re: [c-nsp] IOS and Calea Feature Set


> You may want to check out this project:
> http://www.openintercept.org/
>
> I have a contact involved with this, if you need it.
>
> Regards,
>
> Frank
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Forrest W 
> Christian
> Sent: Thursday, October 30, 2008 1:11 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] IOS and Calea Feature Set
>
> I'm working on improving my CALEA compliance here.   One of the big
> things I need to handle is better extraction of frames out of several
> cisco routers we have scattered around our network.
>
> Today, we handle our CALEA requests by using a span/mirroring port on a
> switch plugged into a CALEA collection device which conforms to the
> WISPA CALEA standard.   That way, we can capture all of the internet and
> most of the on-network traffic, but not quite 100% since traffic which
> never leaves the border router doesn't ever exit the border router so it
> can't be captured for Law Enforcement.
>
> It looks like the IP Traffic Export would allow me to basically use the
> tools we already have in place for this.   But, I also am looking at the
> CALEA features in the later IOS'es.   Unfortunately, the documentation
> is written in CALEA-speak, which makes for confusing reading, especially
> when you are trying to figure out what pieces you need to make this work.
>
> I'm curious if someone on-list  has gotten the CALEA features to work in
> a Broadband provider setting, and if so, if they could perhaps point me
> in the right direction as far as what pieces we need (aka specific
> products instead of "functions") other than the Cisco router w/CALEA
> features?
>
> -forrest
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> 




More information about the cisco-nsp mailing list