Configuring the Network Protocol
The protocol statement allows you to specify which of the supported network protocols to match in an application definition. To configure network protocols, include the protocol statement at the [edit applications application application-name] hierarchy level:
protocol type;
You specify the protocol type as a numeric value; for the more commonly used protocols, text names are also supported in the command-line interface (CLI). Table 8 shows the list of the supported protocols.
Table 8: Network Protocols Supported by Services Interfaces
|
|
|
|---|
IP Security (IPSec) authentication header (AH)
|
ah
|
-
|
External Gateway Protocol (EGP)
|
egp
|
-
|
IPSec Encapsulating Security Payload (ESP)
|
esp
|
-
|
Generic routing encapsulation (GR)
|
gre
|
-
|
ICMP
|
icmp
|
Requires an application-protocol value of icmp.
|
Internet Group Management Protocol (IGMP)
|
igmp
|
-
|
IP in IP
|
ipip
|
-
|
Open Shortest Path First (OSPF)
|
ospf
|
-
|
Protocol Independent Multicast (PIM)
|
pim
|
-
|
Resource Reservation Protocol (RSVP)
|
rsvp
|
-
|
TCP
|
tcp
|
Requires a destination-port or source-port value unless you specify application-protocol rcp or dce-rcp.
|
UDP
|
udp
|
Requires a destination-port or source-port value unless you specify application-protocol rcp or dce-rcp.
|
Virtual Router Redundancy Protocol (VRRP)
|
vrrp
|
-
|
For a complete list of possible numeric values, see RFC 1700, Assigned Numbers (for the Internet Protocol Suite).
 |
NOTE: Internet Protocol version 6 (IPv6) is not supported as a network protocol in application definitions. By default, the twice NAT feature can affect IP, TCP, and UDP headers embedded in the payload of ICMP error messages. You can include the protocol tcp and protocol udp statements with the application statement for twice NAT configurations. For more information about configuring twice NAT, see Network Address Translation Services Configuration Guidelines.
|