Re: CBAC Difficults with Web page Viewing

rmeans · ‎04-07-2007

I recently installed an 837 w/ CBAC (12.4) at a small office. I have enabled inspection for DNS, HTTP and HTTPS. I have found that most web pages display without trouble but a couple of sites are giving me trouble (www.usatoday.com). The page never displays and doesn't seem to timeout either. The CBAC audit logs haven't indicated that anything is being blocked or denied.

Ideas?

mightymouse2045 · ‎04-08-2007

I am using CBAC on an 877w and get to this site fine. What I think is that you aren't letting out other things that the website might be using. My CBAC inspection list includes:

ip inspect name INBOUND http

ip inspect name INBOUND https

ip inspect name INBOUND ftp

ip inspect name INBOUND icmp

ip inspect name INBOUND dns

ip inspect name INBOUND echo

ip inspect name INBOUND finger

ip inspect name INBOUND imap

ip inspect name INBOUND imap3

ip inspect name INBOUND irc

ip inspect name INBOUND isakmp

ip inspect name INBOUND nntp

ip inspect name INBOUND ntp

ip inspect name INBOUND pop3

ip inspect name INBOUND realaudio

ip inspect name INBOUND snmp

ip inspect name INBOUND smtp

ip inspect name INBOUND telnet

ip inspect name INBOUND tftp

ip inspect name INBOUND time

ip inspect name INBOUND udp

ip inspect name INBOUND tcp router-traffic

Remember for CBAC to work properly you should be denying inbound traffic. So you permit what you want out on the outbound access-list and deny the traffic on the inbound access-list and CBAC will generate the return ACE's automatically.

See how you go with this - if not post your config and I'll have a squiz and see what I can see. Actually here is a default config (working) for ya :)