ILS Inspection - Cisco 4700M Configuration Manual

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide, page 3-14

Application Protocol Inspection Overview (continued)
• Creates a connection record for the transit ICMP request or reply packets and also for those packets addressed to or from the ACE.

ICMP error message inspection performs the following tasks:

• Extracts the embedded IP header in the ICMP error message and checks for the presence of a connection record that corresponds to the embedded packet for which the error message has been generated.
• Performs an ACL check on the ICMP error message regardless of whether a session exists for the embedded packet. The ICMP error message is itself stateless and requires access control.
• Allocates NAT translation entries (xlate) for intermediate nodes or endpoint nodes to perform NAT of a local IP address to a global IP address in any ICMP error message.
• Updates the checksum in the outer and inner headers.
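The four ICMP error inspection tasks above, worked through in an added Python model. This is example code written for this page, not Cisco's ACE implementation. It builds a constructed ICMP "host unreachable" error that quotes a NATed TCP session, checks the embedded 5-tuple against a connection table, applies an ACL to the error message unconditionally, rewrites the global address back to the local one in the outer destination and in the embedded source (the inbound direction of the local/global translation the text describes), and recomputes the IP header and ICMP checksums. The packet layouts follow RFC 791 and RFC 792; the connection table, the xlate table, the ACL and every address are constructed assumptions, and keying the lookup on the global-side 5-tuple is this model's choice, since that is what an inbound error quotes.

```python
import struct
import ipaddress

# ICMP types that quote the offending IP header (RFC 792 error messages).
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum; yields 0 when run over data that already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def _packed(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed

def _with_header_checksum(hdr: bytes) -> bytes:
    zeroed = hdr[:10] + b"\x00\x00" + hdr[12:]
    return zeroed[:10] + struct.pack("!H", ones_complement_sum(zeroed)) + zeroed[12:]

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum, followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, proto, 0,
                      _packed(src), _packed(dst))
    return _with_header_checksum(hdr) + payload

def build_icmp_error(itype: int, code: int, embedded: bytes) -> bytes:
    """ICMP error: type, code, checksum, 4 unused bytes, then the quoted IP header + 8 bytes."""
    body = struct.pack("!BBHI", itype, code, 0, 0) + embedded
    return body[:2] + struct.pack("!H", ones_complement_sum(body)) + body[4:]

def parse_ipv4(data: bytes) -> dict:
    ver_ihl, _, _, _, _, _, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", data[:20])
    return {"ihl": (ver_ihl & 0x0F) * 4, "proto": proto, "csum": csum,
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst))}

def _set_addr(hdr: bytes, offset: int, addr: str) -> bytes:
    """Overwrite the address at offset (12 = source, 16 = destination); fix the header checksum."""
    return _with_header_checksum(hdr[:offset] + _packed(addr) + hdr[offset + 4:])

def inspect_icmp_error(packet: bytes, conn_table: set, acl, xlate: dict):
    """Apply the four inspection tasks to one inbound ICMP error datagram.

    conn_table: (proto, src, sport, dst, dport) records as seen on the outside (global) side.
    acl(src, dst) -> bool.  xlate: global IP -> local IP.  Returns (verdict, packet or None).
    """
    outer = parse_ipv4(packet)
    ihl = outer["ihl"]
    icmp = packet[ihl:]
    if outer["proto"] != 1 or len(icmp) < 8 or icmp[0] not in ICMP_ERROR_TYPES:
        return "pass: not an ICMP error message", packet
    if ones_complement_sum(icmp) != 0:
        return "drop: bad ICMP checksum", None
    # Task 1: extract the embedded IP header and require a connection record for it.
    inner_off = ihl + 8
    if len(packet) < inner_off + 20:
        return "drop: truncated embedded packet", None
    inner = parse_ipv4(packet[inner_off:])
    inner_end = inner_off + inner["ihl"]
    if len(packet) < inner_end + 4:
        return "drop: truncated embedded packet", None
    sport, dport = struct.unpack("!HH", packet[inner_end:inner_end + 4])
    if (inner["proto"], inner["src"], sport, inner["dst"], dport) not in conn_table:
        return "drop: no connection record for embedded packet", None
    # Task 2: the error message itself is stateless, so the ACL applies to it unconditionally.
    if not acl(outer["src"], outer["dst"]):
        return "drop: denied by ACL", None
    # Task 3: translate the global address back to the local one in the outer destination and
    # in the embedded source, so the inside host sees its own address in both places.
    outer_hdr = packet[:ihl]
    if outer["dst"] in xlate:
        outer_hdr = _set_addr(outer_hdr, 16, xlate[outer["dst"]])
    inner_hdr = packet[inner_off:inner_end]
    if inner["src"] in xlate:
        inner_hdr = _set_addr(inner_hdr, 12, xlate[inner["src"]])
    # Task 4: _set_addr fixed both IP header checksums; the ICMP checksum covers the embedded
    # header, so recompute it too. (Only 8 transport bytes are quoted, so no TCP/UDP checksum
    # is present to correct.)
    body = icmp[:2] + b"\x00\x00" + icmp[4:8] + inner_hdr + packet[inner_end:]
    body = body[:2] + struct.pack("!H", ones_complement_sum(body)) + body[4:]
    return "pass: translated, checksums updated", outer_hdr + body

def demo_acl(src: str, dst: str) -> bool:
    """Constructed ACL: permit ICMP errors only from the upstream 198.51.100.0/24 network."""
    return ipaddress.IPv4Address(src) in ipaddress.IPv4Network("198.51.100.0/24")

def demo():
    # Constructed scenario: inside host 10.0.0.5 (NATed to 203.0.113.5) opened TCP
    # 40000 -> 198.51.100.7:80; router 198.51.100.1 answers with ICMP type 3 code 1.
    conn_table = {(6, "203.0.113.5", 40000, "198.51.100.7", 80)}
    xlate = {"203.0.113.5": "10.0.0.5"}
    embedded = build_ipv4("203.0.113.5", "198.51.100.7", 6, struct.pack("!HHI", 40000, 80, 1000))
    err = build_ipv4("198.51.100.1", "203.0.113.5", 1, build_icmp_error(3, 1, embedded))
    matched = inspect_icmp_error(err, conn_table, demo_acl, xlate)
    unmatched = inspect_icmp_error(err, set(), demo_acl, xlate)       # no session: dropped
    other = build_ipv4("192.0.2.9", "203.0.113.5", 1, build_icmp_error(3, 1, embedded))
    denied = inspect_icmp_error(other, conn_table, demo_acl, xlate)   # session ok, ACL denies
    return matched, unmatched, denied
```

Calling `demo()` returns three verdicts: the matched error is forwarded with `10.0.0.5` restored in both headers and all three checksums valid, the same error with no connection record is dropped before any translation, and an error from an address outside the constructed ACL is dropped even though its embedded packet matches a session.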
ILS Inspection

Internet Locator Service (ILS) is used by Microsoft NetMeeting to help users find other users. ILS interfaces with the Lightweight Directory Access Protocol (LDAP) to provide directory services. The ACE ILS inspection feature provides NAT support for NetMeeting, Site Server, and Active Directory products that use LDAP to exchange directory information with an ILS server. The ACE does not support PAT for ILS because the LDAP database stores only IP addresses and not ports.

ILS/LDAP follows the client/server model and uses a single TCP connection for each session. Depending on the client actions, several sessions may be required. During the connection setup, the client sends a BIND protocol data unit (PDU) to the server. After the client receives the BIND RESPONSE from the server, other messages (for example, ADD, DEL, SEARCH, or MODIFY) can be exchanged to perform operations on the ILS directory.

The ADD REQUEST and SEARCH REQUEST PDUs may contain addresses of NetMeeting peers. NetMeeting versions 2.x and 3.x provide ILS support.

Because ILS traffic occurs only on the secondary UDP channel, the ACE disconnects the TCP connection after the TCP inactivity interval has elapsed. By default, the TCP inactivity timeout is 60 minutes, but you can adjust it using a connection
Chapter 3: Configuring Application Protocol Inspection (OL-16202-01)
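The ILS/LDAP session model described above (one TCP connection per session, BIND before any directory operation, peer addresses carried in ADD and SEARCH, no PAT because the directory stores only addresses, and the 60-minute TCP inactivity default), as an added Python model. This is example code written for this page, not Cisco's implementation. The PDU names come from the text, but the wire format is simplified to Python dicts rather than LDAP BER encoding; the NAT table, the connection tuples, the timestamps and the rule that a port-qualified mapping is refused at configuration time are all this model's constructed assumptions.

```python
from dataclasses import dataclass

# PDU names from the text. The wire format is simplified to Python dicts: this model does not
# implement LDAP BER encoding (an assumption of the example).
BIND_REQUEST, BIND_RESPONSE = "BIND", "BIND RESPONSE"
ADDRESS_BEARING_OPS = {"ADD", "SEARCH"}   # PDUs that may carry NetMeeting peer addresses
TCP_INACTIVITY_SECS = 60 * 60             # default TCP inactivity timeout stated in the text


@dataclass
class IlsSession:
    bound: bool = False      # becomes True once the server's BIND RESPONSE has been seen
    last_seen: float = 0.0


class IlsInspector:
    """Tracks one ILS/LDAP session per TCP connection and NATs peer addresses in ADD/SEARCH."""

    def __init__(self, nat_table: dict):
        # nat_table maps local IP -> global IP. A port-qualified (PAT) mapping is refused up
        # front: the ILS directory stores bare addresses, so a port could never be carried.
        for local, glob in nat_table.items():
            if ":" in local or ":" in glob:
                raise ValueError("PAT mapping %s -> %s is not supported for ILS" % (local, glob))
        self.nat = nat_table
        self.sessions = {}

    def handle(self, conn: tuple, direction: str, pdu: dict, now: float):
        """conn: TCP 4-tuple; direction: 'c2s' or 's2c'; pdu: {'op': ..., 'addresses': [...]}.
        Returns (verdict, pdu to forward or None)."""
        sess = self.sessions.get(conn)
        if sess is not None and now - sess.last_seen > TCP_INACTIVITY_SECS:
            del self.sessions[conn]            # idle control connection: tear it down
            return "disconnect: TCP inactivity timeout", None
        if sess is None:
            if direction != "c2s" or pdu["op"] != BIND_REQUEST:
                return "drop: session must begin with a client BIND", None
            self.sessions[conn] = IlsSession(last_seen=now)
            return "pass", pdu
        sess.last_seen = now
        if not sess.bound:
            if direction == "s2c" and pdu["op"] == BIND_RESPONSE:
                sess.bound = True
                return "pass", pdu
            return "drop: directory operation before BIND RESPONSE", None
        if direction == "c2s" and pdu["op"] in ADDRESS_BEARING_OPS and pdu.get("addresses"):
            translated = dict(pdu, addresses=[self.nat.get(a, a) for a in pdu["addresses"]])
            return "pass: peer addresses translated", translated
        return "pass", pdu


def pat_mapping_refused(nat_table: dict) -> bool:
    """True if the inspector rejects the table because an entry carries a port (PAT)."""
    try:
        IlsInspector(nat_table)
    except ValueError:
        return True
    return False


def demo():
    # Constructed exchange: client 10.0.0.5 (NATed to 203.0.113.5) registers with an ILS
    # server at 198.51.100.20:389, then stays idle for longer than the 60-minute timeout.
    insp = IlsInspector({"10.0.0.5": "203.0.113.5"})
    conn = ("10.0.0.5", 40001, "198.51.100.20", 389)
    exchange = [
        (0.0, "c2s", {"op": "BIND"}),
        (0.5, "s2c", {"op": "BIND RESPONSE"}),
        (1.0, "c2s", {"op": "ADD", "addresses": ["10.0.0.5"]}),
        (3700.0, "c2s", {"op": "SEARCH", "addresses": ["10.0.0.5"]}),
    ]
    results = [insp.handle(conn, d, p, t) for t, d, p in exchange]
    # A second connection that issues SEARCH before BIND is refused.
    early = insp.handle(("10.0.0.6", 40002, "198.51.100.20", 389), "c2s", {"op": "SEARCH"}, 0.0)
    return results, early
```

`demo()` walks one session through BIND, BIND RESPONSE and an ADD whose peer address is rewritten from the local to the global address, then shows the idle connection being torn down at the 3700-second mark, and a second connection being refused for sending SEARCH before BIND. `pat_mapping_refused` shows the configuration-time rejection of a port-qualified mapping, which is how this model expresses the page's statement that PAT is not supported for ILS.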