We are running CBAC on a 2811 router with the following IOS: c2800nm-adventerprisek9-mz.12-24.T2. This works fine and allows and blocks the traffic as designed. However, if we reboot the router, CBAC stops working; to get it working we remove a rule from the ACL and put it back in, and CBAC starts allowing traffic. In the same ACL we have a rule to allow ssh, which we use to connect to the router for management; this works fine, as it's not using CBAC and doesn't need to be passed out to the public side of the network. This shows that it's not an issue with the ACL.
Note that once this is working it is fine; it only breaks after a reboot. Manually removing the rule in the ACL and putting it back in makes it work again.
Router#show run
Building configuration...

Current configuration : 1411 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
logging message-counter syslog
no aaa new-model
dot11 syslog
ip source-route
ip cef
ip inspect name CELTrust icmp
ip inspect name CELTrust bgp
no ipv6 cef
voice-card 0
object-group service BGP
 tcp eq bgp
object-group service ICMP
 icmp echo
 icmp traceroute
 icmp echo-reply
archive
 log config
  hidekeys
interface FastEthernet0/0
 description to CELAK1-S15 2/3/43
 ip address 192.168.179.3 255.255.255.0
 ip access-group 101 in
 ip inspect CELTrust in
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description to One Office IDL
 ip address 192.168.255.142 255.255.255.252
 ip access-group 110 in
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.179.1 10
no ip http server
no ip http secure-server
access-list 101 permit object-group ICMP host 192.168.179.1 host 192.168.255.141
access-list 101 permit object-group BGP host 192.168.179.1 host 192.168.255.141
access-list 101 deny ip any any
access-list 110 deny ip any any
!
line con 0
line aux 0
line vty 0 4
 login
scheduler allocate 20000 1000
end
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router :