[c-nsp] IOS 15.1 and 'inspect' rule (zone-based firewall)

Brian Stiff (bstiff) bstiff at cisco.com
Thu Apr 22 11:03:23 EDT 2010


Hi Ivan-

Adding to Arie's reply (which I believe is correct, although I'll verify
with engineering), specifying only an ACL as firewall match criteria
will not enable ALGs to correctly deal with services such as FTP, SIP,
etc., as described here, under the 'Applying an ACL as Match Criteria'
heading:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml#conf-zbf

Regards,
Brian

Brian Stiff
Technical Marketing Engineer
bstiff at cisco.com | +1.720.562.6462
Cisco.com - http://www.cisco.com

> Date: Wed, 21 Apr 2010 21:30:20 -0700
> From: Ivan Poddubnyy <ivan_poddubnyy at symantec.com>
> Subject: [c-nsp] IOS 15.1 and 'inspect' rule (zone-based firewall)
> 
> Hi all,
> 
> I couldn't find an explanation for this oddity on TAC, I would appreciate
> some help.
> 
> I'm running (migrating to) 15.1 on a Cisco 2821 router. The router is
> configured with zone-based firewall.
> [snip]
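
The point in the reply above, shown as an added configuration example that is not part of the original thread or of the poster's router configuration: a class-map that matches only an ACL beside one that also names the protocol so the FTP ALG is engaged. All names (ACL-FTP, CM-FTP-ACL-ONLY, CM-FTP, PM-IN-OUT, ZP-IN-OUT, zones inside/outside) and the 192.0.2.10 server address are constructed for illustration.

```cisco
! Constructed example: permit FTP control traffic to a sample server.
ip access-list extended ACL-FTP
 permit tcp any host 192.0.2.10 eq ftp
!
! ACL-only match: traffic is inspected as generic TCP, so the
! FTP ALG is not applied and the negotiated data channel is
! not tracked.
class-map type inspect match-all CM-FTP-ACL-ONLY
 match access-group name ACL-FTP
!
! ACL plus protocol match: the ACL still limits who may talk to
! whom, and 'match protocol ftp' selects FTP-aware inspection.
class-map type inspect match-all CM-FTP
 match access-group name ACL-FTP
 match protocol ftp
!
policy-map type inspect PM-IN-OUT
 class type inspect CM-FTP
  inspect
 class class-default
  drop
!
zone security inside
zone security outside
!
zone-pair security ZP-IN-OUT source inside destination outside
 service-policy type inspect PM-IN-OUT
```

On a router configured this way, `show policy-map type inspect zone-pair ZP-IN-OUT sessions` lists the sessions the policy is tracking, which is a quick way to confirm that the FTP class, not the ACL-only one, is handling the traffic.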


