10-12-2008 02:09 AM - edited 03-11-2019 06:56 AM
Hi Security gurus,
I was trying CBAC in 2691 router in Dynamips.
I created some telnet connections through the router configured with ACLs & 'inspect' statements, then looked at the output of the "show ip inspect session detail" command.
It tells me which ACL was dynamically altered by CBAC (to permit return traffic)
eg.
In SID 4.1.4.1[7:7]=>4.1.3.1[24049:24049] on ACL from-dmz (2 matches)
but it doesn't tell me which 'inspect' statement was matched and therefore caused this dynamic ACL entry.
Is there some way to tell this?
Regards, MH
10-12-2008 04:56 AM
I don't think you can get that information from a show command at least, maybe from debugs. But it is usually pretty simple to figure out because the inspect statements are just based on protocols, so all 'tcp' traffic would naturally match the tcp inspect statement, except special corner cases like smtp/advanced http etc.
As this topic has come up, there is also a hidden command, 'show ip inspect stat', but it also does not show the required information.
Regards
Farrukh
11-11-2008 09:01 PM
Hi Mark,
Try the "debug ip inspect" command.
It has several options after it:
events
detail
object-creation
function-trace
etc.
Those can tell you much more.
Cheers,
Istvan
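Added illustration (not a configuration posted by anyone in this thread): a minimal CBAC setup on which the show and debug commands discussed above can be exercised to work out which inspect entry opened a session. The ACL name from-dmz and the 4.1.3.0/4.1.4.0 addressing follow the session output in the question; the interface names, the rule name CBAC-RULE and the interface addresses are assumptions.

```cisco
! Added example, not from the original thread. Interface names, the rule
! name CBAC-RULE and the interface addresses are assumed; the ACL name
! from-dmz matches the "show ip inspect session detail" output quoted above.
!
! Application-specific entries (smtp on tcp/25, http on tcp/80) are matched
! by their own line; any other TCP flow falls through to the generic "tcp"
! entry, and UDP flows to "udp". Listing them this way makes the protocol
! reported for a session identify the entry that created it.
ip inspect name CBAC-RULE smtp
ip inspect name CBAC-RULE http
ip inspect name CBAC-RULE tcp
ip inspect name CBAC-RULE udp
!
! Inbound ACL on the DMZ interface permits nothing statically, so every
! return flow that gets through must be a dynamic entry added by CBAC.
ip access-list extended from-dmz
 deny ip any any log
!
interface FastEthernet0/0
 description inside (assumed interface name)
 ip address 4.1.4.254 255.255.255.0
 ip inspect CBAC-RULE in
!
interface FastEthernet0/1
 description dmz (assumed interface name)
 ip address 4.1.3.254 255.255.255.0
 ip access-group from-dmz in
```

To use it, confirm the rule with "show ip inspect config" and the interface binding with "show ip inspect interfaces", then turn on "debug ip inspect object-creation" (with "terminal monitor" on a vty) before opening a single test connection from the inside host. Compare the debug lines with "show ip inspect session detail": because each inspect line covers one protocol, the protocol shown for the new session tells you which line created the dynamic from-dmz entry, which is the information the show command alone does not give. Turn the debug off again ("undebug all") once the test is done, since object-creation debugging fires for every new session.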