[c-nsp] Problem with IP Inspect
Kevin Graham
kgraham at industrial-marshmallow.com
Fri Jul 22 18:32:10 EDT 2011
On Jul 22, 2011, at 1:23 PM, "Joseph Mays" <mays at win.net> wrote:
> There is no way turning on ip inspection should break communications anywhere in the absence of an ACL list, is there?
IIRC, ip inspect is creating a pseudo-acl, so you're being bitten by the default deny. You should apply a "permit ip any any" ACL inbound on that interface. (Adding more specific permits and making sure ACE counters aren't excessively increasing is also a really good way of making sure inspection is handling the traffic you intended it to during initial deployment without breaking anything).
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list