Ok, I am stumped, so here I am :)
I have a 1721 router with a DSL WIC for a location for their internet access and with a VPN tunnel to HQ. The problem is that SPI lets MOST traffic in and out, but it is blocking some sites... microsoft.com and southwest.com to name a few. This is my config for ip inspect now. Am I missing something?
ip inspect name FIREWALL udp
ip inspect name FIREWALL tcp
ip address *.*.*.* 255.255.255.248
ip access-group 102 in
ip mtu 1492
ip inspect FIREWALL out
ip nat outside
ip virtual-reassembly max-reassemblies 32
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 1
no cdp enable
I have ran debug and it is not telling me anything.
I am wondering if that version of IOS has a bug? It is c1700-advsecurityk9-mz.124-17.bin.
Also, is there a version of IOS I can use that does not have SPI?
Than ks for any help!