Statefull Packet Inspection

ashish.sehgal · ‎02-15-2009

Can Cisco2821 and Cisco2811 routers support Stateful Packet Inspection. If yes, how to configure it? If No, kindly provide supporting documents/links etc.

Thanks and Regards,

Ashish

ashish.sehgal · ‎02-16-2009

Dear All,

I found that SPI is configurable on Cisco2821 router. Could you let me know:

Is Statefull Packet Inspection (SPI) and CBAC (Context Based Access Control) are one and the same thing?

Regards

ashish.sehgal · ‎02-19-2009

I have prepared a template to configure Stateful Packet Inspection on Cisco 2821. Would appreciate if any volunteer can validate the template.

Thanks a lot.

Regards,

Ashish

vikram_anumukonda · ‎02-22-2009

you will have to replace the "echo-reply" with "echo" in access-list 100 for a start, without which you will not be able to initiate a ping from unprotected networks.

and permit for ftp-data 20 , i don't think it's required as you are inspecting ftp connections originating from your protected network. Rest everything looks fine.

ashish.sehgal · ‎02-22-2009

Hi Vikram,

Is the application of the ACL and the Inspection rule on the Outside and Inside interfaces respectively in inbound direction, correct ?

Thanks,

Ashish

vikram_anumukonda · ‎02-23-2009

Hi Ashish,

The directions are correct, the inspections configured inbound are going to punch holes in the ACL 100 to accomodate the return traffic.

Vikram