Cisco Support Community
CBAC - which 'inspect' statement causes the ACL dyn. entry

Hi Security gurus,

I was trying CBAC in 2691 router in Dynamips.

I created some telnet connections through the router configured with ACLs and 'inspect' statements, then looked at the output of the "show ip inspect session detail" command.

It tells me which ACL was dynamically altered by CBAC (to permit return traffic)

eg.

In SID 4.1.4.1[7:7]=>4.1.3.1[24049:24049] on ACL from-dmz (2 matches)

but it doesn't tell me which 'inspect' statement was matched and therefore caused this dynamic ACL entry.

Is there some way to tell this?

Regards, MH

2 REPLIES

Re: CBAC - which 'inspect' statement causes the ACL dyn. entry

I don't think you can get that information from a show command at least, maybe from debugs. But it is usually pretty simple to figure out because the inspect statements are just based on protocols, so all 'tcp' traffic would naturally match the tcp inspect statement, except special corner cases like smtp/advanced http etc.

As this topic has come up, there is a hidden command also 'show ip inspect stat' but it also does not show the required information.

Regards

Farrukh
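To make the relationship between the 'inspect' statements in the original question and the "on ACL from-dmz" session entries concrete, here is an added IOS CBAC configuration example. It is not the poster's configuration or anything from the thread: the inspection rule name CBAC_OUT, the interfaces, and the placement of 4.1.3.0/24 on the inside and 4.1.4.0/24 in the DMZ are assumed so that the posted session line (4.1.3.1:24049 to 4.1.4.1:7, return traffic opened on from-dmz) fits; only the ACL name from-dmz comes from the post.

```cisco
! Added example, not from the thread. CBAC_OUT, the interfaces and the
! 4.1.3.0/24 (inside) / 4.1.4.0/24 (DMZ) placement are assumptions.
!
! Record session creation and teardown via syslog so every dynamic
! opening CBAC makes is logged, not only visible in a show command.
ip inspect audit-trail
!
! Inspection rules. The application-specific rules (smtp, http) handle
! their well-known ports; any other TCP connection falls back to the
! generic 'tcp' rule, which is Farrukh's point about corner cases.
ip inspect name CBAC_OUT tcp
ip inspect name CBAC_OUT udp
ip inspect name CBAC_OUT smtp
ip inspect name CBAC_OUT http
!
! Static ACL on the DMZ side. No return traffic is permitted here; CBAC
! inserts the temporary per-session entries that "show ip inspect
! session detail" reports as "In SID ... on ACL from-dmz".
ip access-list extended from-dmz
 permit icmp 4.1.4.0 0.0.0.255 4.1.3.0 0.0.0.255 echo-reply
 deny   ip any any log
!
interface FastEthernet0/0
 description inside (assumed 4.1.3.0/24)
 ip address 4.1.3.254 255.255.255.0
 ip inspect CBAC_OUT in
!
interface FastEthernet0/1
 description DMZ (assumed 4.1.4.0/24)
 ip address 4.1.4.254 255.255.255.0
 ip access-group from-dmz in
```

With this in place, "show ip inspect config" lists the rules in CBAC_OUT, and "show ip inspect session detail" shows each dynamic opening against from-dmz as in the question. The audit-trail syslog messages (%FW-6-SESS_AUDIT_TRAIL_START / _STOP) name the protocol that inspected the session (for example tcp, smtp or http), which is the closest a non-debug output gets to telling you which inspect statement created a given entry.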

Re: CBAC - which 'inspect' statement causes the ACL dyn. entry

Hi Mark,

Try the "debug ip inspect" command.

It has several options after it:

events

detail

object-creation

function-trace

etc.

Those can tell you much more.

Cheers:

Istvan
