[c-nsp] route-map based on NBAR to control passive ftp

luismi asturluismi at gmail.com
Tue Aug 25 08:28:02 EDT 2009


Hi all,

We have an issue here regarding PBR.
So far we have not been able to change the routing policy
using passive FTP traffic as a condition.

In other words...
- Active FTP is being forwarded to vrf A by a "set vrf" condition
(pretty easy using ACLs for TCP 20 and 21 ports)
- Passive FTP is being forwarded to vrf B (which is incorrect in our
scenario) because the PBR is not able to detect it (we could open ports
over 1024 in the ACL, but we want to avoid P2P in vrf A)

So, is there any way to create a "match" condition to control just the
P2P traffic?


