Chapter 10 SSG TCP Redirect

Figure 10-1 Restricting Access to Networks within Authorized Services

[Figure 10-1 labels: ServiceA 10.0.0.0/8; IPTVService 10.1.1.1/32]

The following describes the behavior of redirection for unauthorized services:

If a packet arrives from an unauthorized SSG user or it is destined to an unauthorized service, SSG redirects the packet if the packet matches the protocol and ports configured as the redirection filter. If the packet does not match the filter, SSG drops the packet.

If a packet arrives from an unauthorized service or is destined to an unauthorized SSG user, SSG drops the packet.

If a user’s connection is subject to redirection or captivation, SSG redirects to SESM any packets from the connection that match the protocol and ports for redirection and captivation.

If packets from the connection do not match the protocol and ports configured as a filter, SSG drops the packets.
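The redirect and drop rules above, modelled as an added Python example (not Cisco code and not part of the original guide). The service networks are the ones labelled in Figure 10-1; the filter ports, the most-specific-prefix lookup, the `forward` result for authorized traffic, and treating addresses outside every service network as unauthorized are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass

# Service networks as labelled in Figure 10-1.
SERVICES = {
    "ServiceA": ipaddress.ip_network("10.0.0.0/8"),
    "IPTVService": ipaddress.ip_network("10.1.1.1/32"),
}
# Assumed redirection filter (protocol, destination port); not from the guide.
REDIRECT_FILTER = {("tcp", 80), ("tcp", 8080)}

@dataclass
class Packet:
    from_user: bool   # True: user to service; False: service to user
    service_ip: str   # address on the service side of the flow
    proto: str
    dst_port: int

def owning_service(ip):
    """Name of the most specific service network containing ip, or None.
    Assumption: the longest matching prefix decides which service applies."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for name, net in SERVICES.items() if addr in net]
    return max(hits)[1] if hits else None

def decide(pkt, authenticated, logged_on_services):
    """Return 'forward', 'redirect' or 'drop' for one packet."""
    service = owning_service(pkt.service_ip)
    if authenticated and service in logged_on_services:
        return "forward"   # assumed normal case: authorized user and service
    if not pkt.from_user:
        return "drop"      # from unauthorized service, or to unauthorized user
    if (pkt.proto, pkt.dst_port) in REDIRECT_FILTER:
        return "redirect"  # unauthorized, but matches the redirection filter
    return "drop"          # unauthorized and outside the filter

if __name__ == "__main__":
    logged_on = {"ServiceA"}  # constructed: user logged on to ServiceA only
    samples = [               # constructed sample packets
        Packet(True, "10.2.3.4", "tcp", 80),
        Packet(True, "10.1.1.1", "tcp", 80),
        Packet(True, "10.1.1.1", "udp", 5004),
        Packet(False, "10.1.1.1", "tcp", 80),
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt, True, logged_on))
```
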

Initial Captivation

Initial captivation redirects certain packets from users for a specific period of time. After a user logs on, packets to certain TCP ports are redirected to a server for advertisements and branding. SSG captivates the user by redirecting all user packets to those TCP ports regardless of the destination address.

Captivation is active for a specified duration, starting from the first redirected session.

If you configure initial captivation globally by using the CLI, captivation applies to all authenticated users. You can also enable initial captivation in the RADIUS user profile as an Account-Info attribute to override the CLI setting.

The user profile contains the following information for initial captivation:

Server group name

Note: Use the CLI to configure the server group and associate a port or port list to the server group.

Duration of captivation

Service name (optional)

Note: If you specify the optional service name, captivation activates only when logon to that service occurs.

Cisco 10000 Series Router Service Selection Gateway Configuration Guide

 

OL-4387-02
