[c-nsp] IOS CBAC Experience
Ahmad Cheikh-Moussa
acm at netuse.de
Tue Jul 17 12:18:23 EDT 2007
Hi Guys,
I've got a strange behaviour from IOS CBAC.
Can someone tell me how to debug it ?
For example:
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
ip inspect name FW ftp
ip inspect name FW tftp
inside: (eth0)
ip access-list extended test-in
permit ip 10.10.10.0 0.0.0.255 any
deny ip any any
outside:(dialer1)
ip access-list extended out-in
permit ip 11.11.11.0 0.0.0.255 10.10.10.0 0.0.0.255
deny ip any
When I activate it on the outside interface (dialer 1), then I can
not get traffic through it, in this case http traffic.
With snoop I can see the syn packet and the syn ack is send back to
the router, but this packet never receive the client. On the server
I can see, that the server retransmit several times the packet and
sent after that a reset packet.
Any hints ?
Regards,
Ahmad
--
Ahmad Cheikh-Moussa
NetUSE AG
Dr.-Hell-Straße, 24107 Kiel, Germany
Telefon: +49 431 2390 400 -- Telefax: +49 431 2390 499
Service: Service at NetUSE.DE -- http://NetUSE.DE/
Vorstand: Andreas Seeger (Vorsitz), Dr. Roland Kaltefleiter, Dr. Joerg Posewang
Aufsichtsrat: Detlev Huebner (Vorsitz)
Sitz der AG: Kiel, HRB 5358 USt.ID: DE156073942
Diese E-Mail enthaelt vertrauliche oder rechtlich geschuetzte Informationen.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.
The information contained in this message is confidential or protected by
law. Any unauthorised copying of this message or unauthorised distribution
of the information contained herein is prohibited.
More information about the cisco-nsp
mailing list