Thanks, Priscilla,
for the info.
Regards,
Munit Singla

Priscilla Oppenheimer wrote:

> Munit Singla wrote:
> >
> > Hi Eric,
> > Thanks for the reply.
> > Can you tell me with which command we can assign different ports
> > to the same keyword?
> > Regards,
> > Munit
> >
>
> Port to Application Mapping (PAM) is a feature of the Cisco IOS Firewall
> feature set. PAM allows you to customize TCP or UDP port numbers for network
> services or applications. PAM uses this information to support network
> environments that run services using ports that are different from the
> registered or well-known ports associated with an application.
>
> Using the port information, PAM establishes a table of default
> port-to-application mapping information at the firewall. The information in
> the PAM table enables Context-based Access Control (CBAC) supported services
> to run on nonstandard ports. Previously, CBAC was limited to inspecting
> traffic using only the well-known or registered ports associated with an
> application. Now, PAM allows network administrators to customize network
> access control for specific applications and services.
>
> If you aren't using CBAC, I don't know if you can do this, though.
>
> More on PAM here:
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfpam.htm#13687
>
> Regarding the comment below that CBAC uses the keyword "http" instead of the
> "www" used in extended access lists, I agree that's strange. It almost seems
> like CBAC came from a Cisco acquisition perhaps. It's enough different from
> ordinary IOS to make one wonder.
>
> Priscilla
>
> > "Erick B." wrote:
> >
> > > Agreed. They do have a way to map additional ports to
> > > the pre-defined services though. So for telnet for
> > > example you can add port 233, 2333, etc so when you
> > > specify 'telnet' in an ACL (or similar list) it
> > > matches port 23, 233, and 2333.
> > >
> > > What's weird is I was looking at this yesterday, and
> > > for some ACL stuff the keyword is http and for other
> > > stuff it is www. I'm sure there are other keywords that
> > > mean the same as others but that's the one I noticed.
> > > Then again I don't think port-map matches up to all the ACL
> > > keywords, I think it matches up against some other
> > > security features. I've used it for telnet in ACLs
> > > though with no problems in the past.
> > >
> > > I guess consistency with port #s and service names
> > > would be a good thing. Maybe it would be nice if they
> > > didn't hardcode these in IOS but referenced a services
> > > file on the flash that could be editable like in most
> > > OS's. I think this may happen... it seems they are
> > > starting to clean up IOS and get rid of old protocols
> > > and modularize stuff so it uses similar syntax. MQC
> > > for example.
> > >
> > > --- Priscilla Oppenheimer wrote:
> > > > You're assuming IOS is a modern operating system or something akin
> > > > to a data dictionary or programming language. It's not. :-) If the
> > > > IOS engineers include keywords in the command line interface, then
> > > > you can use them. If they don't, you can't.
> > > >
> > > > Your idea sounds like a good one though. You could suggest it to
> > > > Cisco, but I don't think they could easily accommodate such a
> > > > change in philosophy.
> > > >
> > > > Priscilla
> > > >
> > > > Munit Singla wrote:
> > > > >
> > > > > Hi,
> > > > > There are default ports given in the IOS. We can use both to refer
> > > > > to those ports, by names as well as port numbers. Can we customize
> > > > > it and to the default list ports by names, not by numbers? Or I
> > > > > want to use customized ports used for my applications by names in
> > > > > my access list.
> > > > > Is there any command to create customized ports by name?
> > > > > See, what my problem is: when we make an extended access list we
> > > > > can define source and destination ports. There is a standard list
> > > > > of ports there to be used in access lists that we can use by number
> > > > > or name. If we want to customize the port according to our default
> > > > > application, we can add that port by number only. Is there a way to
> > > > > refer to those ports by names in my access list? And can we add
> > > > > these customized TCP/UDP ports in the default list which is
> > > > > displayed, so that we can refer to it whenever we like in our
> > > > > access lists by name?
> > > > > Example:
> > > > > access-list 100 permit tcp any any eq Nortonvirus
> > > > > Here the Nortonvirus keyword should refer to port 5000, and this
> > > > > name and port mapping should get added to the default list so that
> > > > > I can refer to it later. Here I am assuming Norton's application is
> > > > > using port number 5000.
> > >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59408&t=59276
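
The PAM feature described in the quoted reply, shown as an added configuration sketch that is not part of the original thread. It assumes the IOS 12.2-style `ip port-map` syntax with the system-defined application name `http`; the inspection rule name `FW`, the interface, ACL 10, the host address and ports 8080/8000 are constructed sample values.

```cisco
! Added example, not from the thread. Names, addresses and ports are constructed.
!
! Map an extra port to the system-defined application name "http" for all hosts.
ip port-map http port 8080
!
! Host-specific mapping: treat port 8000 as http only for the server in ACL 10.
access-list 10 permit 192.0.2.10
ip port-map http port 8000 list 10
!
! CBAC inspection rule; HTTP inspection uses the PAM table, so it now also
! covers the mapped ports.
ip inspect name FW http
!
interface FastEthernet0/0
 ip inspect FW in
!
! Verify from exec mode (these are show commands, not configuration):
!   show ip port-map http
!   show ip port-map port 8080
```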