CBAC - which 'inspect' statement cause the ACL dyn. entry

Hi Security gurus,

I was trying CBAC in 2691 router in Dynamips.

I created some telnet connections through the router configured with ACLs & 'inspect' statements, then looked at the output of the "show ip inspect session detail" command.

It tells me which ACL was dynamically altered by CBAC (to permit return traffic)

eg.

In SID 4.1.4.1[7:7]=>4.1.3.1[24049:24049] on ACL from-dmz (2 matches)

but it doesn't tell me which 'inspect' statement was matched and therefore caused this dynamic ACL entry.

Is there some way to tell this?

Regards, MH

2 Replies

Farrukh Haroon
VIP Alumni

I don't think you can get that information from a show command at least; maybe from debugs. But it is usually pretty simple to figure out because the inspect statements are just based on protocols, so all 'tcp' traffic would naturally match the tcp inspect statement, except special corner cases like smtp/advanced http etc.

As this topic has come up, there is a hidden command also 'show ip inspect stat' but it also does not show the required information.

Regards

Farrukh
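
The heuristic in the reply above (an application-layer inspect keyword claims its own well-known port, everything else falls through to the generic tcp/udp statement) can be applied mechanically to the "show ip inspect session detail" output. The script below is an added example and not code from the thread or from Cisco: it parses SID lines of the form quoted in the question, reads the inspect rule set from a running-config fragment, and reports, per session, the ACL that received the dynamic entry and the inspect statement that most plausibly created it. The session header lines, the rule set named FW, and the default-port table are constructed for the example; only the SID line format is taken from the question, and the exact field layout of the session header varies by IOS release.

```python
import re

# Constructed sample in the general shape of "show ip inspect session detail".
# Only the "In SID ... on ACL ..." line shape is quoted from the question; the
# "Session ..." header lines and their field order are an assumption.
SAMPLE_OUTPUT = """\
Established Sessions
 Session 6556C4F8 (4.1.3.1:24049)=>(4.1.4.1:7) tcp SIS_OPEN
  In SID 4.1.4.1[7:7]=>4.1.3.1[24049:24049] on ACL from-dmz (2 matches)
 Session 6556C5A0 (4.1.3.1:11005)=>(4.1.4.1:23) tcp SIS_OPEN
  In SID 4.1.4.1[23:23]=>4.1.3.1[11005:11005] on ACL from-dmz (5 matches)
 Session 6556C640 (4.1.3.1:11009)=>(4.1.4.1:25) tcp SIS_OPEN
  In SID 4.1.4.1[25:25]=>4.1.3.1[11009:11009] on ACL from-dmz (3 matches)
 Session 6556C6E8 (4.1.3.1:40001)=>(4.1.4.1:53) udp SIS_OPEN
  In SID 4.1.4.1[53:53]=>4.1.3.1[40001:40001] on ACL from-dmz (1 matches)
"""

# Constructed inspection rule set, in running-config syntax.
INSPECT_CONFIG = """\
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW smtp
ip inspect name FW http
"""

# Assumed default server ports of the application-layer keywords used here.
# A real router's mapping (including 'ip port-map' overrides) is authoritative.
APP_DEFAULT_PORTS = {
    "smtp": ("tcp", 25),
    "http": ("tcp", 80),
    "ftp": ("tcp", 21),
    "tftp": ("udp", 69),
}

SESSION_RE = re.compile(
    r"Session\s+(\w+)\s+\((\S+):(\d+)\)=>\((\S+):(\d+)\)\s+(\w+)\s+(\w+)")
SID_RE = re.compile(
    r"In SID\s+(\S+)\[(\d+):(\d+)\]=>(\S+)\[(\d+):(\d+)\]"
    r"\s+on ACL\s+(\S+)\s+\((\d+) matches\)")


def parse_inspect_rules(config):
    """Return {rule_name: [keyword, ...]} from 'ip inspect name' lines."""
    rules = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:3] == ["ip", "inspect", "name"]:
            rules.setdefault(parts[3], []).append(parts[4])
    return rules


def parse_sessions(output):
    """Pair each session header with the SID line that follows it."""
    sessions = []
    current = None
    for line in output.splitlines():
        m = SESSION_RE.search(line)
        if m:
            current = {
                "id": m.group(1),
                "initiator": (m.group(2), int(m.group(3))),
                "responder": (m.group(4), int(m.group(5))),
                "l4": m.group(6),       # transport protocol keyword
                "state": m.group(7),
                "sid": None,
            }
            sessions.append(current)
            continue
        m = SID_RE.search(line)
        if m and current is not None:
            current["sid"] = {
                "src": m.group(1), "src_ports": (int(m.group(2)), int(m.group(3))),
                "dst": m.group(4), "dst_ports": (int(m.group(5)), int(m.group(6))),
                "acl": m.group(7), "matches": int(m.group(8)),
            }
    return sessions


def infer_inspect_statement(session, keywords):
    """An application keyword wins on its default server port; otherwise the
    generic tcp/udp keyword is the match, or None if neither is configured."""
    l4 = session["l4"]
    server_port = session["responder"][1]
    for keyword in keywords:
        if APP_DEFAULT_PORTS.get(keyword) == (l4, server_port):
            return keyword
    return l4 if l4 in keywords else None


def explain(output, config, rule_name):
    """(session id, ACL holding the dynamic entry, inferred inspect statement)."""
    keywords = parse_inspect_rules(config)[rule_name]
    report = []
    for s in parse_sessions(output):
        kw = infer_inspect_statement(s, keywords)
        acl = s["sid"]["acl"] if s["sid"] else None
        stmt = f"ip inspect name {rule_name} {kw}" if kw else None
        report.append((s["id"], acl, stmt))
    return report


if __name__ == "__main__":
    for row in explain(SAMPLE_OUTPUT, INSPECT_CONFIG, "FW"):
        print(row)
```

The inference is only as good as the port table: a service inspected on a non-default port, or a keyword absent from the rule set, falls through to the generic tcp/udp entry (or to None), which is exactly the corner case the reply warns about, so treat a None or a surprising generic match as the cue to reach for "debug ip inspect" rather than as an answer.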

Istvan_Rabai
Level 7

Hi Mark,

Try the "debug ip inspect" command.

It has several options after it:

events
detail
object-creation
function-trace
...etc.

Those can tell you much more.

Cheers:

Istvan
