165.201.1 10.1.1.1 netmask
255.255.255.255 1000 100
The nat command offers the same feature. Example 7-14 shows that TCP Intercept is configured with the nat command in much the same way.
Example 7-14. Configuring TCP Intercept on PIX Using the NAT Command
PIX(config)# nat (inside) 1 10.1.1.0 255.255.255.0 1000 100
Policy-Based Routing (PBR)
Policy-based routing (PBR) provides a method for overriding the information available in the IP routing table and
can be configured to forward (route) packets based on other criteria defined in policies, such as IP addresses,
port numbers, application, and the length/size of the packet. PBR can also be used for packet classification and
marking with IP precedence values in the Type of Service (ToS) field of the IP header. PBR gives more granular
control over routing of packets by extending and complementing the existing mechanisms provided by routing
protocols.
Because it controls the data path, PBR can be used as a security tool during an attack to divert traffic for scrubbing or to manage congestion. PBR can also be used as a mitigation tool to match the attack traffic and drop it. Example 7-15 shows sample configurations for both scenarios.
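The following IOS configuration is an added illustration of the two scenarios just described (it is not the book's Example 7-15): one route-map entry diverts traffic destined to a host under attack toward a scrubbing device, a second entry drops traffic from a constructed attack source range, and everything else is routed normally. All addresses, ACL numbers, and interface names are assumed values.

```cisco
! Added example, not the book's Example 7-15. Addresses, ACL numbers and
! interface names are assumed values for illustration only.
!
! Scenario 1: divert traffic aimed at the attacked host 10.1.1.1 toward a
! scrubbing device reachable at next hop 192.168.100.2.
access-list 101 permit ip any host 10.1.1.1
!
! Scenario 2: drop traffic from a constructed attack source range
! (192.0.2.0/24 is a documentation prefix used here as a placeholder).
access-list 102 permit ip 192.0.2.0 0.0.0.255 any
!
route-map ATTACK-MITIGATION permit 10
 match ip address 101
 set ip next-hop 192.168.100.2
!
route-map ATTACK-MITIGATION permit 20
 match ip address 102
 set interface Null0
!
! Packets that match no route-map entry are forwarded normally using the
! IP routing table, so legitimate traffic is unaffected.
!
! Apply the policy to traffic entering the upstream-facing interface.
interface GigabitEthernet0/0
 ip policy route-map ATTACK-MITIGATION
```

Verify the policy with show route-map ATTACK-MITIGATION, whose per-entry match counters show whether traffic is being diverted or dropped as intended.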