PAM - Port-to-application mapping

Introduction

  • PAM works closely with CBAC
  • You cannot remap system-defined ports
  • PAM is flexible, e.g. we want CBAC to check ssh on port 2222
  • PAM allows us to check protocols globally or only for specific hosts, based on an ACL

Configuration

 

  • Display the list of system-defined and user-defined mappings

show ip port-map

Default mapping: x11 tcp port 6000-6606 system defined

.......................................................

Default mapping: clp tcp port 2567 system defined

  • Assign protocol ssh to port 2222

(config)#ip port-map ssh port 2222

.......................................................

  • Display all ports assigned to ssh

show ip port-map ssh

Default mapping: ssh tcp port 22 system defined

Default mapping: ssh udp port 22 system defined

Default mapping: ssh tcp port 2222 system defined

  • Following the article about CBAC, check our new rule

show ip inspect session

Router#sh ip inspect sessions

Established Sessions

Session 64FDF05C (x.x.x.x:1523)=>(172.16.0.2:2222) ssh SIS_OPEN

 

As you can see above, it's working!
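
The host-specific form mentioned in the introduction, as an added example that is not part of the original article. ACL number 10, the inspection rule name FW and the interface name are assumptions; the host 172.16.0.2 is taken from the session output above.

```cisco
! Added example: map ssh to port 2222 only for one host instead of globally.
! ACL 10, rule name FW and FastEthernet0/0 are hypothetical names.
!
! Remove the global mapping so port 2222 is no longer treated as ssh everywhere
no ip port-map ssh port 2222
!
! Standard ACL listing the hosts for which the mapping applies
access-list 10 permit 172.16.0.2
!
! Host-specific mapping: port 2222 is ssh only for hosts matched by ACL 10
ip port-map ssh port 2222 list 10
!
! CBAC rule that inspects ssh; PAM tells it which ports count as ssh
ip inspect name FW ssh
!
interface FastEthernet0/0
 ip inspect FW in
!
! Verify with:
!   show ip port-map ssh
!   show ip inspect sessions
```

With the global entry removed, traffic to port 2222 on hosts not matched by ACL 10 is no longer classified as ssh by CBAC.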

 

dzbanek 2011-02-14
