Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IOS IDS/Firewall blocks https connections

Starting from 12.3(5) ending with 12.3(17a) on all our 7200 and 7500 routers, applying ip audit input on internal interface or ip audit out on external interface immediately stops all https websites. I was trying to disable all https and http signatures but situation looks similar. Due to fact that we had lots of problems with 12.3T and 12.4 upgrade is not possible (routers restarts, VIPs crashes etc.). Even if I only apply alarm for info and attack signatures, https still cannot pass through and logs are empty.

Is there any workaround for this problem? Thanks!

1 REPLY
Cisco Employee

Re: IOS IDS/Firewall blocks https connections

Sounds like you're hitting this:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee32778&Submit=Search

Note that this bug specifically talks about SSH/Telnet connections through the router, but this bug has numerous others linked to it that deal with pretty much all types of TCP traffic (including HTTPS).

The bug is fixed in 12.3(9.4) and later, so not sure why you're seeing it on 12.3(17a). Try the workaround (apply "ip inspect" to the interface as well) to confirm if you're hitting this bug.

191
Views
0
Helpful
1
Replies
CreatePlease login to create content