Restrictions for SSG TCP Redirect; Prerequisites for SSG TCP Redirect; Configuration of SSG TCP Redirect - Cisco OL-4387-02 Configuration Manual

Router service selection gateway configuration guide

Cisco 10000 Series Router Service Selection Gateway Configuration Guide (OL-4387-02)
Chapter 10: SSG TCP Redirect

Typically, if a service is connected, SSG forwards packets to a user and packets from a user even if the
packets do not match the protocol and TCP ports specified for redirection. However, the behavior of
initial captivation on the Cisco 10000 series router differs in the following ways:

- When a packet arrives from an SSG user and the packet matches the protocol and TCP ports
  configured as the redirection filter, the packet is subject to initial captivation and is redirected. If the
  packet does not match the redirection filter, it is not subject to initial captivation and the packet is
  dropped.
- When a packet arrives from a service destined for an SSG user that is subject to initial captivation,
  the packet is dropped.

Restrictions for SSG TCP Redirect

The SSG TCP Redirect feature has the following restrictions:

- The server(s) defined in a server group must be globally routable.
- Traffic from hosts with overlapping IP addresses can be redirected only to SESMs with port-bundle
  host keys.
- When overlapping IP address support is enabled (the host key feature is enabled), a host can reach
  the SSG only by a particular interface on the router. All packets between the host and the SSG use
  this interface and you should not change the route between SSG and the host.
- After you configure the servers in a group, the routes to those servers should not change. SSG TCP
  Redirect does not work if packets from servers that need to be redirected are received on a non-SSG
  interface.
- TCP sessions that can remain idle for more than one minute are not supported.

Prerequisites for SSG TCP Redirect

Cisco SESM Release 3.1(1) or later is required to handle unauthenticated redirections. For other types
of redirection, SESM Release 3.1.1 or later is required.

Configuration of SSG TCP Redirect

To configure SSG TCP Redirect, perform the following tasks:

- Enable SSG TCP Redirect.
- Define the captive portal server groups.
- Specify the redirect server groups for unauthenticated user redirection.
- Define network lists.
- Define port lists.
- Associate network and port lists with server groups.
- Specify the default groups for captivation.
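
The following Python model is an added example, not code from the Cisco guide. It contrasts the typical SSG forwarding behavior with the Cisco 10000 initial-captivation behavior described on this page. The class and function names, the filter ports and the sample packets are constructed for illustration, and the typical-case redirect of a matching user packet is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "from_user", or "to_user" for service traffic toward the SSG user
    protocol: str   # "tcp" or "udp"
    dst_port: int

@dataclass(frozen=True)
class RedirectFilter:
    protocol: str
    ports: frozenset

    def matches(self, pkt: Packet) -> bool:
        return pkt.protocol == self.protocol and pkt.dst_port in self.ports

def typical_action(pkt: Packet, flt: RedirectFilter) -> str:
    # Service connected: traffic outside the filter is still forwarded both ways.
    # Assumption: a user packet that does match the filter is redirected.
    if pkt.direction == "from_user" and flt.matches(pkt):
        return "redirect"
    return "forward"

def c10000_initial_captivation_action(pkt: Packet, flt: RedirectFilter) -> str:
    # Cisco 10000 behavior described on this page while the user is captivated.
    if pkt.direction == "to_user":
        return "drop"  # service traffic toward a captivated user is dropped
    return "redirect" if flt.matches(pkt) else "drop"

def compare(trace, flt):
    """Return (label, typical, cisco10000) per packet; rows where the two
    differ are the traffic an operator should expect to lose during captivation."""
    return [(label, typical_action(p, flt), c10000_initial_captivation_action(p, flt))
            for label, p in trace]

# Constructed sample: a redirection filter and a subscriber's first packets.
FILTER = RedirectFilter("tcp", frozenset({80, 8080}))
TRACE = [
    ("HTTP request",       Packet("from_user", "tcp", 80)),
    ("HTTPS request",      Packet("from_user", "tcp", 443)),
    ("DNS query",          Packet("from_user", "udp", 53)),
    ("reply from service", Packet("to_user", "tcp", 51000)),
]

if __name__ == "__main__":
    for label, typical, c10k in compare(TRACE, FILTER):
        print(f"{label:20} typical={typical:9} cisco10000={c10k}")
```

With this constructed filter, only the HTTP request is handled the same way in both cases; everything outside the filter, and all service-to-user traffic, is dropped on the Cisco 10000 during initial captivation.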
