[c-nsp] Cisco 1812W & IOS 12.4(2)T1 & CBAC/Firewall
Lawrence Wong
lawrencewong72 at yahoo.com
Wed Nov 2 02:18:37 EST 2005
Hi Brett,
--- Brett Looney <brett at looney.id.au> wrote:
> At 11:46 2/11/2005, you wrote:
> >I have just gotten a Cisco 1812W (the 1800 series
> with
> >built in wireless). It is generally working fine
> >(wireless, routing, etc) except that I couldn't get
> >the built in firewall & IDS to work.
> >
> >In a nutshell, whenever I tried to enable "ip
> inspect"
> >or "ip ips" on the internal BVI1 interface, all
> >UDP/TCP traffic stops. ICMP traffic works fine
> though.
> >No NAT is involved.
>
> Why are you using a BVI interface? I recently did an
> 1801W and I just
> put an IP address directly on the Dot11Radio0
> interface and did the
> filtering there...
Both the wireless and the built-in switch ports are in
the same subnet and when I tried the web
configuration, the BVI interface was created and used.
Is there anyway to achieve the same without using BVI?
On a side note, I noticed that "ip inspect" and "ip
ips" fails to work when I try to ask it to process any
traffic from internal->internet .
i.e. if I put "ip inspect out" and/or "ip ips out" on
fa0 (connected to the internet), TCP/UDP traffic stops
as well. The same happens when I do an "ip inspect in"
and/or "ip ips in" on the BVI1 interface.
Thanks,
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
More information about the cisco-nsp
mailing list