CBAC is blocking some website content

Unanswered Question
Aug 4th, 2008
User Badges:

I seem to be having issues with CBAC on a 877.

I have tried accessing certain webpages without the CBAC setting and there is no issue.

Some websites seem fine, whereas others partially load or not at all. For example elements of the cisco homepage do not load, specifically the animated section. I have test a few websites and some don't seem to come up all all, youtube and ebay are a couple of example.

My CBAC configuration should be pretty standard, I have an ACL denying almost everything except some ICMP (it starts deny UPD/TCP then allows ICMP), and the inspect statements cover most protocols.

I have noticed that my deny ACL statement is blocking some packets...


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
robertson.michael Tue, 08/05/2008 - 15:04
User Badges:
  • Silver, 250 points or more

Hi Dave,

Try adjusting your CBAC config to *only* inspect TCP, UDP, and FTP and see if that makes a difference.


Marwan ALshawi Tue, 08/05/2008 - 19:15
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

through what you said

i guess is related to flash player and JAVA

just track those things

good luck

davidjbradley Tue, 08/05/2008 - 23:23
User Badges:

Hi I solved my issue..

"ip virtual-reassembly" was disabled and it appears that the fragments were getting dropped by the firewall policies. I still don't really understand why this causes issues with some issues, but I must be realed to the content in the HTML.



This Discussion