Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ip inspect problem

I have a problem with ip inspect on a C 827 router.

When i want make a connection to outbound it can not make a session with ip inspect firewall. When is use the command sh ip inspect session i don`t see details. If i disable access-list then everything works fine.

I hope sombody can help my.

2 REPLIES
New Member

Re: ip inspect problem

I have make some test. When i do a telnet with ip-adres then works everything good. The problemen is with dns resolve and ip inspect. I have add# ip name-server X.X.X.X but is does helping. I hope somebody can help.

New Member

Re: ip inspect problem

This doesnt solve your problem, but I wanted to point it out.

Remove 'ip inspect dns-timeout 30' as this is synonymous with 'ip inspect name firewall udp' because when you inspect UDP, the UDP/53 falls into this category and the default UDP idle-timeout is 30 seconds.

Unless you increase/decrease the timeout value (in seconds) for 'dns-timeout,' you dont need the command.

291
Views
0
Helpful
2
Replies
CreatePlease to create content