04-07-2007 06:31 PM - edited 03-11-2019 02:57 AM
I recently installed an 837 w/ CBAC (12.4) at a small office. I have enabled inspection for DNS, HTTP and HTTPS. I have found that most web pages display without trouble but a couple of sites are giving me trouble (www.usatoday.com). The page never displays and doesn't seem to timeout either. The CBAC audit logs haven't indicated that anything is being blocked or denied.
Ideas?
04-08-2007 04:10 AM
I am using CBAC on an 877w and get to this site fine. What I think is that you aren't letting out other things that the website might be using. My CBAC inspection list includes:
ip inspect name INBOUND http
ip inspect name INBOUND https
ip inspect name INBOUND ftp
ip inspect name INBOUND icmp
ip inspect name INBOUND dns
ip inspect name INBOUND echo
ip inspect name INBOUND finger
ip inspect name INBOUND imap
ip inspect name INBOUND imap3
ip inspect name INBOUND irc
ip inspect name INBOUND isakmp
ip inspect name INBOUND nntp
ip inspect name INBOUND ntp
ip inspect name INBOUND pop3
ip inspect name INBOUND realaudio
ip inspect name INBOUND snmp
ip inspect name INBOUND smtp
ip inspect name INBOUND telnet
ip inspect name INBOUND tftp
ip inspect name INBOUND time
ip inspect name INBOUND udp
ip inspect name INBOUND tcp router-traffic
Remember for CBAC to work properly you should be denying inbound traffic. So you permit what you want out on the outbound access-list and deny the traffic on the inbound access-list and CBAC will generate the return ACE's automatically.
See how you go with this - if not post your config and I'll have a squiz and see what I can see. Actually here is a default config (working) for ya :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide