Support for Extended Simple Mail Transport Protocol (ESMTP) is not available in CBAC. To determine whether a mail server is using SMTP or ESMTP, Telnet to the mail server port 25 and observe the banner for SMTP or ESMTP specification. You can also consult the mail server software vendor.

When a protocol is configured for CBAC, the protocol's traffic will be inspected, state information will be maintained, and in general, packets will be allowed back through the Cisco IOS Firewall only if they belong to a permissible session. When CBAC inspects FTP traffic, it only allows data channels with the destination port in the range of 1024 to 65,535. It will not open a data channel if the FTP client/server authentication fails.

CBAC supports multimedia application inspection of RTSP and H.323v2.

0 0

Post a comment