Returning traffic through ISRs

spencercook
Level 1

I work in healthcare and our rules on access through our WAN/Internet connections are quite strict. We do however have one issue I've not been able to work around.

We are using Cisco ISRs (in this example a 2851), all with the firewall and IPS enabled.

For outbound traffic, I can create a rule on the access list and traffic is permitted out, and the return traffic is permitted inbound.

However, if I create a rule for inbound traffic, the ISR is not creating the dynamic rule for the return traffic, and I'm having to manually add a matching outbound for every inbound connection. Is there any way around this other than having permit ip any any as the last rule, which I'm not permitted to do?

Any help much appreciated

Thanks

Spencer.

1 Reply

David White
Cisco Employee

Hi Spencer,

We need a little more information to assist here. IOS FW on ISRs can use either the historical inspect statements where you apply the inspect to an interface, or the new zone-based FW.

If you are applying the inspection to an interface, for inbound traffic, you would need to inspect inbound on the outside interface. For outbound traffic you would inspect outbound on that same interface.

This provides you with DoS protection for the inbound traffic, as well as opening up the ACLs to allow the reply traffic (from the inbound connections - assuming you have an ACL applied to your inside interface).

Hope it helps,

David.
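For readers who land on this thread looking for the interface-based ("classic inspect") layout David describes, here is an added configuration sketch; it is not from the original thread or from Cisco documentation. It assumes a two-interface ISR with GigabitEthernet0/0 as the outside/WAN interface, GigabitEthernet0/1 as the inside interface, a 10.0.0.0/24 inside subnet with a published HTTPS server at 10.0.0.10, and no NAT; the interface names, addresses, ACL names and inspect rule name are all assumptions chosen for the example. The point it illustrates is the one in the reply: inspection applied both inbound and outbound on the outside interface, so that reply traffic for inbound connections is permitted through the ACLs without a trailing permit ip any any.

```cisco
! Added example, not from the original thread. Interface names, addresses,
! subnets, ACL names and the inspect rule name are assumptions.
!
! Inspection rule: track TCP, UDP and ICMP sessions so reply traffic
! is permitted dynamically instead of by static ACL entries.
ip inspect name FW_INSPECT tcp
ip inspect name FW_INSPECT udp
ip inspect name FW_INSPECT icmp
!
! Inbound ACL on the outside interface: only the published service is
! allowed to be initiated from the WAN; everything else is denied and logged.
ip access-list extended OUTSIDE_IN
 permit tcp any host 10.0.0.10 eq 443
 deny   ip any any log
!
! Inbound ACL on the inside interface: what inside hosts may initiate.
! Note there is no entry for the HTTPS server's replies; the inspect
! session is expected to cover those, as described in the reply above.
ip access-list extended INSIDE_IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 443
 permit tcp 10.0.0.0 0.0.0.255 any eq 80
 permit udp 10.0.0.0 0.0.0.255 any eq 53
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Outside / WAN (assumed)
 ip address 203.0.113.1 255.255.255.0
 ip access-group OUTSIDE_IN in
 ! Inspect inbound for connections arriving from the WAN ...
 ip inspect FW_INSPECT in
 ! ... and outbound for connections leaving to the WAN.
 ip inspect FW_INSPECT out
!
interface GigabitEthernet0/1
 description Inside / LAN (assumed)
 ip address 10.0.0.1 255.255.255.0
 ip access-group INSIDE_IN in
!
! Verification: confirm the rule is applied and watch sessions being created.
! show ip inspect config
! show ip inspect sessions
```

After applying it, open a connection from the WAN side to the server on port 443 and check show ip inspect sessions; a session entry for that connection should appear while the reply packets are flowing, and the deny ... log lines in both ACLs will show in the log if anything is still being blocked. The same two-direction inspect on the outside interface is the part that replaces the manual "matching outbound" rules mentioned in the question.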
