Other application protocols (not defined here) can be enabled as required.
Example 5-5. Define CBAC Inspection Rules
Router(config)# ip inspect name myfw http
Router(config)# ip inspect name myfw ftp
Router(config)# ip inspect name myfw smtp
Router(config)# ip inspect name myfw tcp
Router(config)# ip inspect name myfw udp
Step 4??”Configure Global Timeouts and Thresholds
CBAC uses several timeout and threshold values to determine the state of the session and the duration for
which it is maintained. At times, connections are continually maintained for abruptly terminated sessions that
occupy unnecessary resources. Incomplete sessions, idle (unused) sessions, or abruptly terminated sessions can
be cleared using the timeout and threshold values.
The timeout and threshold values can be used either with default values or can be tuned to suit the network
requirement. Table 5-1 shows the available CBAC timeout and threshold commands and their default values.
Use the commands listed in the table to modify global timeout or threshold values as required.
Step 5??”Apply the Access List and the Inspection Rule to an Interface
For CBAC to take effect, the access list and the inspection rules configured earlier need to be applied to the
interface.
Pages:
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227