Question about stateful inspection on IOS firewall

Unanswered Question
Jan 6th, 2010

Hi !


I need, for test purposes, to initiate TCP traffic from my router to the internet.

I have set an inspect list on the outbound interface:


router(config)# int eth0

router(config-if)# ip inspect myfw out


But the TCP sessions initiated from the router are not added to the inspection table, and the TCP packets are dropped on their way back.


Is there a solution to do this ?


Regards,


François

Kent Heide Wed, 01/06/2010 - 08:39

If what you mean is traffic initiating from the router itself, for example if you want to telnet from the router, you need to add a statement to your `ip inspect` config.


What you need is the `router-traffic` keyword after your inspect configuration.


ip inspect name myfw tcp router-traffic
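
The setup discussed in this thread, put together as an added example (not part of the original posts). The inbound access list and its name `OUTSIDE-IN` are assumptions, standing in for whatever filter drops the return packets, and `Ethernet0` is taken to be the `eth0` interface from the question.

```cisco
! Inspection rule: the router-traffic keyword makes CBAC track TCP sessions
! that the router itself originates, not only sessions routed through it.
ip inspect name myfw tcp router-traffic
!
! Assumed inbound filter on the outside interface (the name is hypothetical).
! It blocks unsolicited traffic; CBAC opens temporary openings for the return
! packets of sessions recorded in the inspection table.
ip access-list extended OUTSIDE-IN
 deny ip any any
!
interface Ethernet0
 ip access-group OUTSIDE-IN in
 ip inspect myfw out
!
! Check from exec mode after opening a TCP session from the router itself
! (for example a telnet from the router, as in the answer above):
!   show ip inspect sessions
!   show ip inspect name myfw
```

A session started from the router should then appear in the output of `show ip inspect sessions`, and its return packets should pass the inbound access list.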

fdubus Thu, 01/07/2010 - 01:55

Thank you!

This is exactly what I was meaning!

Ganesh Hariharan Wed, 01/06/2010 - 08:49