Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
232
Views
0
Helpful
1
Replies

Question about CBAC

shikamarunara
Level 4
Level 4

‎08-02-2007 12:00 PM - edited ‎07-03-2021 02:26 PM

I'd like some help understanding an aspect of firewalling. I have CBAC configured on an ISR. The WAN (outside) interface is configured with an ACL that will not allow traffic to come in. CBAC's job is to allow temporary openings in this ACL for connections initiated on the LAN (inside) interface and close them when the transmission ends. So, in this case I would be configuring inspection ("ip inspect X in") on the inside interface so that traffic leaving the LAN is checked, correct?

My question is, what exactly is being inspected? I know that the inspection is happening at the application layer, but beyond that I'm not sure what the firewall is looking for. So, let's assume a telnet session is initiated inside the network to a host outside. A temporary port is opened on the external interface's ACL to allow the transmission. Now the inspection is looking at the telnet session's traffic as it enters the inside interface. What is it looking for exactly?

-Shikamaru

Labels:
0 Helpful
1 Reply 1

rochopra
Cisco Employee
Cisco Employee

‎08-02-2007 06:29 PM

CBAC inspects protocol upto the application layer.

It can watch protocol traffic and see what dynamic ports to open for the return traffic for the protocol.

It also monitors signaling and commands for certain protocols like ftp

Example : If user is telnetting to a server on the Internet. When the outbound traffic hits the Internet interface, the CBAC creates temporary opening to permit the traffic to the server. This information is maintained in the session state table. The return traffic is permitted because the session state table indicates that inbound packets are part of the original session that was initiated by User.

Hope this helps.

~Rohit

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card