Chapter 10 SSG TCP Redirect

The following sections describe these tasks in more detail:

Configuration Considerations for SSG TCP Redirect, page 10-5

Configuring Port-Based Redirection for Unauthenticated Users, page 10-5

Limiting Redirection for Unauthenticated Users, page 10-5

Configuring SSG TCP Redirect, page 10-6

Configuration Considerations for SSG TCP Redirect

When you configure SSG TCP Redirect, consider the following:

Where to redirect—Determine the server group to which you want to redirect.

When to redirect—Determine if you want to redirect for unauthenticated, unauthorized, or initial packets.

What to redirect—Determine if you want to redirect by networks or ports, and then decide the networks to include in a network list and the ports to include in a port list.

Configuring Port-Based Redirection for Unauthenticated Users

To apply SSG TCP Redirect to unauthenticated users based on a TCP port, bind the unauthenticated user redirect server group to a port using the redirect port command in SSG redirect configuration mode.

Example 10-1binds the server group named userRedirect1 to port 80 for unauthenticated user redirection.

Example 10-1 Binding a Server Group to a Port

Router(config)# ssg tcp-redirect

Router(config-ssg-redirect)# server-group userRedirect1

Router(config-ssg-redirect-group)# server 10.0.1.4 8090

Router(config-ssg-redirect)#redirect unauthenticated-user to userRedirect1

Router(config-ssg-redirect)#redirect port 80 to userRedirect1

Limiting Redirection for Unauthenticated Users

To limit the number of TCP sessions from an unauthenticated user that are redirected to a particular server group, use the max-sessionscommand in the SSG redirect group configuration mode:

server-group group-name

max-sessions host number

Example 10-2limits the number of TCP sessions from user4. In this example, SSG redirects a maximum of 15 sessions from user4 to the server group named new-users1.

Example 10-2 Limiting Redirected TCP Sessions

Router(config)# ssg tcp-redirect

Router(config-ssg-redirect)# server-groupnew-users1

Router(config-ssg-redirect-group)# server 10.0.1.4 8090

Router(config-ssg-redirect-group)# max-sessions user4 15

Cisco 10000 Series Router Service Selection Gateway Configuration Guide

 

OL-4387-02

10-5

 

 

 

Page 66 Page 68
Page 67
Image 67
Cisco Systems OL-4387-02 manual 10-5, Example 10-1 Binding a Server Group to a Port
Page 66 Page 68
Top Page Image Contents