Invalid Classifier Criteria - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Security Context Overview
If you use dynamic NAT, an active NAT session is created when the real host creates a connection
through the shared interface. For traffic returning to the host, the active NAT session is used to classify
the packet.
To quickly identify possible overlaps between different contexts, a situation that leads to connectivity
problems, enter the show np 3 static command in the system execution space.
Note
For management traffic destined for an interface, the interface IP address is used for classification.
Invalid Classifier Criteria
The following configurations are not used for packet classification:
•
•
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
4-4
static (inside,shared) 10.30.10.0 10.30.10.0 netmask 255.255.255.0
NAT exemption—The classifier does not use a NAT exemption configuration for classification
purposes because NAT exemption does not identify the mapped (shared) interface.
Routing table—The classifier does not use the routing table for classification. For example, if a
context includes a static route that points to an external router as the next-hop to a subnet, and a
different context includes a static command for the same subnet, then the classifier uses the static
command to classify packets destined for that subnet and ignores the static route.
Chapter 4
Configuring Security Contexts
OL-20748-01
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
