Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CBAC Difficults with Web page Viewing

I recently installed an 837 w/ CBAC (12.4) at a small office. I have enabled inspection for DNS, HTTP and HTTPS. I have found that most web pages display without trouble but a couple of sites are giving me trouble (www.usatoday.com). The page never displays and doesn't seem to timeout either. The CBAC audit logs haven't indicated that anything is being blocked or denied.

Ideas?

1 REPLY
New Member

Re: CBAC Difficults with Web page Viewing

I am using CBAC on an 877w and get to this site fine. What I think is that you aren't letting out other things that the website might be using. My CBAC inspection list includes:

ip inspect name INBOUND http

ip inspect name INBOUND https

ip inspect name INBOUND ftp

ip inspect name INBOUND icmp

ip inspect name INBOUND dns

ip inspect name INBOUND echo

ip inspect name INBOUND finger

ip inspect name INBOUND imap

ip inspect name INBOUND imap3

ip inspect name INBOUND irc

ip inspect name INBOUND isakmp

ip inspect name INBOUND nntp

ip inspect name INBOUND ntp

ip inspect name INBOUND pop3

ip inspect name INBOUND realaudio

ip inspect name INBOUND snmp

ip inspect name INBOUND smtp

ip inspect name INBOUND telnet

ip inspect name INBOUND tftp

ip inspect name INBOUND time

ip inspect name INBOUND udp

ip inspect name INBOUND tcp router-traffic

Remember for CBAC to work properly you should be denying inbound traffic. So you permit what you want out on the outbound access-list and deny the traffic on the inbound access-list and CBAC will generate the return ACE's automatically.

See how you go with this - if not post your config and I'll have a squiz and see what I can see. Actually here is a default config (working) for ya :)

103
Views
0
Helpful
1
Replies