[c-nsp] Problem with IP Inspect

Kevin Graham kgraham at industrial-marshmallow.com
Fri Jul 22 18:32:10 EDT 2011


On Jul 22, 2011, at 1:23 PM, "Joseph Mays" <mays at win.net> wrote:

> There is no way turning on ip inspection should break communications anywhere in the absence of an ACL list, is there?

IIRC, ip inspect is creating a pseudo-ACL, so you're being bitten by the default deny. You should apply a "permit ip any any" ACL inbound on that interface. (Adding more specific permits and making sure ACE counters aren't excessively increasing is also a really good way of making sure inspection is handling the traffic you intended it to during initial deployment without breaking anything.)





