Cisco Support Community

New Member

Stateful Packet Inspection

Can Cisco2821 and Cisco2811 routers support Stateful Packet Inspection? If yes, how to configure it? If no, kindly provide supporting documents/links etc.

Thanks and Regards,

Ashish

5 REPLIES
New Member

Re: Stateful Packet Inspection

Dear All,

I found that SPI is configurable on the Cisco2821 router. Could you let me know:

Are Stateful Packet Inspection (SPI) and CBAC (Context-Based Access Control) one and the same thing?

Regards

New Member

Re: Stateful Packet Inspection

I have prepared a template to configure Stateful Packet Inspection on Cisco 2821. I would appreciate it if any volunteer could validate the template.

Thanks a lot.

Regards,

Ashish

Re: Stateful Packet Inspection

You will have to replace the "echo-reply" with "echo" in access-list 100 for a start, without which you will not be able to initiate a ping from unprotected networks.

And the permit for ftp-data 20, I don't think it's required, as you are inspecting FTP connections originating from your protected network. Everything else looks fine.

New Member

Re: Stateful Packet Inspection

Hi Vikram,

Is the application of the ACL and the inspection rule on the Outside and Inside interfaces respectively, in the inbound direction, correct?

Thanks,

Ashish

Re: Stateful Packet Inspection

Hi Ashish,

The directions are correct; the inspections configured inbound are going to punch holes in ACL 100 to accommodate the return traffic.

Vikram
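
The layout confirmed in this thread (inspection rule inbound on the inside interface, ACL 100 inbound on the outside interface), written out as an added example; it is not the template Ashish posted, which is not shown on this page. The rule name CBAC-OUT, the interface names and the choice of inspected protocols are assumptions, and the router is assumed to run an IOS image that includes the firewall feature set and supports ICMP inspection.

```cisco
! Added example, not the thread's template. CBAC-OUT and the interface
! names below are assumed; adjust them to the actual router.
!
! Inspection rule: sessions of these protocols are tracked when they are
! initiated from the protected network.
ip inspect name CBAC-OUT tcp
ip inspect name CBAC-OUT udp
ip inspect name CBAC-OUT ftp
ip inspect name CBAC-OUT icmp
!
! ACL 100: static policy for packets arriving from the unprotected side.
! Return traffic of inspected sessions needs no entry here. CBAC places
! temporary permit entries ahead of these lines while a session is alive
! and removes them when it ends. With ftp inspected, that includes the
! FTP data channel, so no static ftp-data permit is listed.
access-list 100 remark Static policy for traffic arriving from outside
! Optional: allow pings initiated from the unprotected side to pass.
! Leave this line out to drop unsolicited echo requests.
access-list 100 permit icmp any any echo
access-list 100 deny ip any any log
!
interface GigabitEthernet0/0
 description Inside (protected network)
 ! Inspect traffic as it enters the router from the protected side.
 ip inspect CBAC-OUT in
!
interface GigabitEthernet0/1
 description Outside (unprotected network)
 ! Filter traffic as it enters the router from the unprotected side.
 ip access-group 100 in
!
! Verification from exec mode while a session from inside is open:
!   show ip inspect sessions
!   show ip access-lists 100
```

With a session open from the inside, `show ip inspect sessions` lists the tracked flow, and the `deny ip any any log` counter in ACL 100 shows how much unsolicited traffic from outside is being dropped.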
