Обработка пакета в cisco

Пакет Inside−to−Outside

  • if IPSec then check input access list
  • decryption − for CET (Cisco EncryptionTechnology) or IPSec
  • check input access list
  • check input rate limits
  • input accounting
  • policy routing
  • routing
  • redirect to web cache
  • NAT inside to outside (local to global translation)
  • crypto (check map and mark for encryption)
  • check output access list
  • inspect (Context−based Access Control (CBAC))
  • TCP intercept
  • encryption
  • queueing
  • Пакет Outside−to−Inside

  • if IPSec then check input access list
  • decryption − for CET or IPSec
  • check input access list
  • check input rate limits
  • input accounting
  • NAT outside to inside (global to local translation)
  • policy routing
  • routing
  • redirect to web cache
  • crypto (check map and mark for encryption)
  • check output access list
  • inspect CBAC
  • TCP intercept
  • encryption
  • queueing
  • http://habrahabr.ru/blogs/cisconetworks/51139/
    Извлечено из Cisco Document ID: 6209

    Advertisements

    Leave a Reply

    Please log in using one of these methods to post your comment:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s