воскресенье, 19 мая 2013 г.

Cisco: Порядок обработки пакетов «в сложных конфигурациях»



    Пакет Inside−to−Outside
if IPSec then check input access list
decryption − for CET (Cisco EncryptionTechnology) or IPSec
check input access list
check input rate limits
input accounting
policy routing
routing
redirect to web cache
NAT inside to outside (local to global translation)
crypto (check map and mark for encryption)
check output access list
inspect (Context−based Access Control (CBAC))
TCP intercept
encryption
queueing

   Пакет Outside−to−Inside
if IPSec then check input access list
decryption − for CET or IPSec
check input access list
check input rate limits
input accounting
NAT outside to inside (global to local translation)
policy routing
routing
redirect to web cache
crypto (check map and mark for encryption)
check output access list
inspect CBAC
TCP intercept
encryption
queueing

 Извлечено из Cisco Document ID: 6209

Комментариев нет:

Отправить комментарий