[c-nsp] iChat AV and Cisco CBAC/NAT
matthew zeier
mrz at velvet.org
Thu Mar 15 11:35:51 EST 2007

I switched off using a Linux box running iptables to a 3845.

I have ACLs permitting certain traffic into the "office" network and am
relying on CBAC.

Since switching, users complain that iChat AV no longer works (iChat
works, just AV fails). I'm not seeing any hits in the logs.

Any clues? My inspect rules are below as well as the interface config.

interface BVI2
 ip address 10.250.2.254 255.255.255.0
 ip access-group into-corp out
 ip nat inside
 ip inspect Inside in
 ip virtual-reassembly
end

ip inspect max-incomplete high 2500
ip inspect max-incomplete low 2200
ip inspect one-minute high 2500
ip inspect one-minute low 2200
ip inspect name Inside tcp
ip inspect name Inside udp
ip inspect name Inside icmp
ip inspect name Inside ftp
ip inspect name Inside rtsp
ip inspect name Inside http
ip inspect name Inside dns
ip inspect name Inside ssh timeout 43200
ip inspect name Inside sip