CBAC is blocking some website content

Unanswered Question
Aug 4th, 2008

I seem to be having issues with CBAC on a 877.

I have tried accessing certain webpages without the CBAC setting and there is no issue.

Some websites seem fine, whereas others partially load or not at all. For example elements of the cisco homepage do not load, specifically the animated section. I have test a few websites and some don't seem to come up all all, youtube and ebay are a couple of example.

My CBAC configuration should be pretty standard, I have an ACL denying almost everything except some ICMP (it starts deny UPD/TCP then allows ICMP), and the inspect statements cover most protocols.

I have noticed that my deny ACL statement is blocking some packets...

Dave

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
robertson.michael Tue, 08/05/2008 - 15:04

Hi Dave,

Try adjusting your CBAC config to *only* inspect TCP, UDP, and FTP and see if that makes a difference.

-Mike

Marwan ALshawi Tue, 08/05/2008 - 19:15

through what you said

i guess is related to flash player and JAVA

just track those things

good luck

davidjbradley Tue, 08/05/2008 - 23:23

Hi I solved my issue..

"ip virtual-reassembly" was disabled and it appears that the fragments were getting dropped by the firewall policies. I still don't really understand why this causes issues with some issues, but I must be realed to the content in the HTML.

Dave

Actions

This Discussion