Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CBAC is blocking some website content

I seem to be having issues with CBAC on a 877.

I have tried accessing certain webpages without the CBAC setting and there is no issue.

Some websites seem fine, whereas others partially load or not at all. For example elements of the cisco homepage do not load, specifically the animated section. I have test a few websites and some don't seem to come up all all, youtube and ebay are a couple of example.

My CBAC configuration should be pretty standard, I have an ACL denying almost everything except some ICMP (it starts deny UPD/TCP then allows ICMP), and the inspect statements cover most protocols.

I have noticed that my deny ACL statement is blocking some packets...

Dave

3 REPLIES

Re: CBAC is blocking some website content

Hi Dave,

Try adjusting your CBAC config to *only* inspect TCP, UDP, and FTP and see if that makes a difference.

-Mike

Re: CBAC is blocking some website content

through what you said

i guess is related to flash player and JAVA

just track those things

good luck

New Member

Re: CBAC is blocking some website content

Hi I solved my issue..

"ip virtual-reassembly" was disabled and it appears that the fragments were getting dropped by the firewall policies. I still don't really understand why this causes issues with some issues, but I must be realed to the content in the HTML.

Dave

160
Views
0
Helpful
3
Replies