
ip inspect command

shaw.chris
Level 1

Can anyone explain the difference between the following commands

ip inspect name outbound http

ip inspect name outbound https

ip inspect name outbound dns

ip inspect name outbound icmp

compared to

ip inspect name outbound tcp

ip inspect name outbound udp

Wouldn't these two latter commands encompass the http, https, dns, icmp commands above?

4 Replies

sirdudesly
Level 2

Yes, the last two would include HTTP, HTTPS and DNS, as they are TCP (DNS can sometimes be used with UDP also). ICMP is separate, so you would still need

ip inspect name outbound icmp

The reason that you might not want all TCP traffic is that you might have another device already providing an ip inspection. Or a packet could be dropped because IOS thinks it's "not quite right" when it's perfectly valid etc.

There is a big difference in functionality of those commands.

tcp/udp inspection simply maintains state for tcp/udp connections, whereas the more specific entries check for things specific to http/https/dns.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfcbac.htm#wp1001085

Thanks for your help

If I created inspect rules for DNS, HTTP etc, would those protocols not listed still be allowed through the firewall if the ACL allows it?

As SRUE said, with the layer-4 protocol-specific entries in there, the IOS router performs application inspection. If you just specify TCP/UDP then the router doesn't look deeper into the packets, and certain protocols won't work - H.323 & SIP, for example, negotiate additional connections over the signalling channel to set up the RTP streams.

Andy
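A worked configuration, added here as an illustration and not taken from the thread or from Cisco's documentation, showing how the inspection rule from the question interacts with the interface ACL and what happens to a protocol that is not in the rule. Interface names, addresses and the ACL number are assumptions.

```cisco
! Constructed example; interface names, addresses and ACL 101 are assumed.
!
! Application-specific entries: CBAC tracks session state AND parses the
! application protocol (HTTP, HTTPS, DNS, ICMP) for protocol conformance.
ip inspect name outbound http
ip inspect name outbound https
ip inspect name outbound dns
ip inspect name outbound icmp
! Generic entries: any other TCP/UDP session is state-tracked only; no
! application-level checks, so protocols that open secondary channels
! (H.323, SIP) are not handled correctly by these two lines alone.
ip inspect name outbound tcp
ip inspect name outbound udp
!
! Inside interface: inspect traffic entering from the LAN. Each outbound
! session matching the rule creates a temporary opening for its replies.
interface FastEthernet0/0
 description inside
 ip address 192.0.2.1 255.255.255.0
 ip inspect outbound in
!
! Outside interface: inbound ACL 101 is the default-deny that CBAC
! punches holes in. Return traffic for an inspected session is admitted
! by the dynamic entry, never by a static line.
interface FastEthernet0/1
 description outside
 ip address 198.51.100.2 255.255.255.252
 ip access-group 101 in
!
! Static lines only for what must pass without a matching session.
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 deny ip any any log
!
! Consequence for the follow-up question: a protocol absent from the
! rule (e.g. GRE) still leaves via the inside interface, but its replies
! hit ACL 101 with no dynamic opening and are dropped and logged.
!
! Verify: an outbound SSH session appears here under the generic tcp
! entry, while a web session is listed as http and gets deeper checks.
! router# show ip inspect sessions
```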
