ip inspect command

Unanswered Question
May 20th, 2008

Can anyone explain the difference between the following commands

ip inspect name outbound http

ip inspect name outbound https

ip inspect name outbound dns

ip inspect name outbound icmp

compared to

ip inspect name outbound tcp

ip inspect name outbound udp

Wouldn't these two latter commands encompass the http, https, dns, icmp commands above?

sirdudesly Tue, 05/20/2008 - 15:36

Yes, the last two would include HTTP, HTTPS and DNS, as they are TCP (DNS can sometimes be used with UDP also). ICMP is separate, so you would still need

ip inspect name outbound icmp

The reason that you might not want all TCP traffic is that you might have another device already providing an ip inspection. Or a packet could be dropped because IOS thinks it's "not quite right" when it's perfectly valid etc.

shaw.chris Wed, 05/21/2008 - 00:16

Thanks for your help

If I created inspect rules for DNS, HTTP etc, would those protocols not listed still be allowed through the firewall if the ACL allows it?

andrew.butterworth Wed, 05/21/2008 - 00:26

As SRUE said, with the layer-4 protocol specific entries in there the IOS router performs application inspection. If you just specify TCP/UDP then the router doesn't look deeper into the packets and certain protocols won't work - H.323 & SIP for example negotiate additional connections over the signalling channel to set up the RTP streams.

Andy
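To make the two answers above concrete, here is an added IOS configuration example (not taken from the thread or from any poster) showing how a CBAC inspection rule set is applied together with an inbound ACL. The rule name OUTBOUND, the interface name and the ACL name are assumptions; the generic tcp/udp entries are shown beside the application-specific ones the replies contrast them with.

```cisco
! Added example, not from the original thread. Names are assumed.
!
! Option A: generic Layer-4 inspection. Covers HTTP, HTTPS and DNS-over-TCP
! as plain TCP sessions; ICMP must still be listed separately.
ip inspect name OUTBOUND tcp
ip inspect name OUTBOUND udp
ip inspect name OUTBOUND icmp
!
! Option B (comment out the tcp/udp lines above to use only this):
! application-specific entries make the router look inside the session,
! which is what protocols that open secondary channels (SIP, H.323) need.
! ip inspect name OUTBOUND http
! ip inspect name OUTBOUND dns
! ip inspect name OUTBOUND sip
! ip inspect name OUTBOUND icmp
!
! Inbound ACL on the WAN side denies everything by default; CBAC inserts
! dynamic permit entries ahead of it for return traffic of inspected sessions.
! Anything not inspected and not explicitly permitted here is dropped.
ip access-list extended FROM_WAN
 deny ip any any log
!
interface FastEthernet0/1
 description WAN (assumed interface)
 ip access-group FROM_WAN in
 ip inspect OUTBOUND out
```

With this layout, a protocol that is neither inspected nor permitted by FROM_WAN never gets return traffic through, which answers the question about what happens to protocols left out of the inspect list: outbound packets leave, but the replies are dropped at the inbound ACL unless that ACL permits them. Use `show ip inspect sessions` to confirm which sessions CBAC is tracking.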
