|
|
On Tue, Apr 06, 2004 at 09:13:47AM +0800, Paul Culmsee wrote: > Cisco has NBAR (network based application recognition) which people use > to apply policies to certain types of traffic at layer 4 and above. I > once had NBAR decide that regular HTTP traffic was in fact kazaa2 and it > accordingly dropped the traffic as per my policy for peer2peer > protocols. > > It looked and felt like a DDOS attack and when I removed all policy maps > everything was cool again.. an IOS upgrade did the trick.. It certainly sounds like an IOS upgrade would be a good thing to do, I'm sure ours hasn't had one for ages. OT, do we need a service agreement to get an upgrade? > Perhaps you have the same problem. It may be that Cisco NBAR recognizes > SSH? > > For what its worth, I run openVPn across a 3725 router with NBAR, CBAC, > IDS, NAT and IPSEC crypto maps and it works fine.. That's most encouraging. Thanks Paul, Patrick Lesslie ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |