[j-nsp] Please Ignore Re: JunOSe ACL Question
Goldschmidt, Bernd
bernd.goldschmidt at siemens.com
Thu Apr 20 04:40:36 EDT 2006
Hi Scott,
yes, it is a little bit more configuration work.
But remember, you will not run into any performance issues, this will work at wired speed on a GE (for example) with large classifiers!
Remark:
-------
You do not need the classifier-list "permit-all", you can use a wildcard "*" inside the policy:
> ip policy-list "SMTP-finder"
> classifier-group "SMTP-finder"
> log
> classifier-group *
> forward
Gruß
Bernd.
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Scott Weeks
> Sent: Thursday, April 20, 2006 3:24 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Please Ignore Re: JunOSe ACL Question
>
> ----- Original Message Follows -----
>
> > Am I lost? (I hope not, but just in case
> > <flameproof_underware == ON>) I want to do this:
> >
> > access-list SMTP-finder permit tcp any host xxx.xxx.xxx.xxx eq 25
>
>
> Never mind:
>
>
> ip classifier-list "SMTP-finder" tcp any host 206.46.232.12 eq 25
> !
> ip classifier-list "permit-all" ip any any
> !
> interface atm 12/2
> ip policy output SMTP-finder
> !
> ip policy-list "SMTP-finder"
> classifier-group "SMTP-finder"
> log
> classifier-group "permit-all"
> forward
>
>
>
> watta pain!
> scott