
New Member

IP TCP INTERCEPT

I have a Cisco 3640 router running 12.x IOS. I wanted to make my router act as an application firewall to intercept all the connections for my web server, and I configured it like this:

ip tcp intercept list 103

access-list 103 permit tcp any host x.x.x.x1   (x.x.x.x1 is my web server IP address)

I did not configure any other intercept command and left everything at the defaults.

Now when I try to browse the site x.x.x.x1 from outside, the page is not displayed. But in 'show tcp intercept statistics' I can see an established session from the outside IP address of the system from which I am trying to browse x.x.x.x1. When I change the TCP intercept mode to watch mode,

ip tcp intercept mode watch

then my site is accessible from outside. I have a PIX firewall between my router and the web server.

I tried disabling IP CEF, and gave

no ip route-cache

no ip mroute-cache on all the interfaces

and also tried from two web servers, one kept inside and the other kept outside the firewall, and both are not working.

When I type 'sh tcp intercept connections' I can see the connections in the established state, but the web server is not accessible from outside. Once I move it to watch mode my web servers are working. MLS is disabled in the router.

One more thing: when I am in intercept mode I can see the established status, but the connection is not resetting or refreshing even after 8 hours. It was still showing the connection as established though I had disconnected the session long before.

Can someone advise me what mistake I am making and how to solve this problem?

Thanks in Advance

2 REPLIES
VIP Purple

Re: IP TCP INTERCEPT

Hello,

Can you post the output you get from 'debug ip tcp intercept' while trying to access the web site?

New Member

Re: IP TCP INTERCEPT

Hi,

Thanks for your mail. Below is the debug output that I got:

icodenet#debug ip tcp intercept
TCP intercept debugging is on
icodenet#
1d11h: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request - from 63.251.161.99 to 12.109.150.211
1d11h: %IDS-4-ICMP_UNREACH_SIG: 2001:ICMP Host Unreachable - from 12.125.6.185 to 65.199.28.4
1d11h: INTERCEPT: new connection (206.135.105.10:1445 SYN -> 12.109.150.150:80)
1d11h: INTERCEPT(*): (206.135.105.10:1445 <- ACK+SYN 12.109.150.150:80)
1d11h: INTERCEPT: 1st half of connection is established (206.135.105.10:1445 ACK -> 12.109.150.150:80)
1d11h: INTERCEPT(*): (206.135.105.10:1445 SYN -> 12.109.150.150:80)
1d11h: INTERCEPT: 2nd half of connection established (206.135.105.10:1445 <- ACK+SYN 12.109.150.150:80)
1d11h: INTERCEPT(*): (206.135.105.10:1445 ACK -> 12.109.150.150:80)
1d11h: INTERCEPT(*): (206.135.105.10:1445 <- WINDOW 12.109.150.150:80)
1d12h: %IDS-4-ICMP_UNREACH_SIG: 2001:ICMP Host Unreachable - from 12.125.6.185 to 65.199.28.4
1d12h: %IDS-4-ICMP_TIMXCEED_SIG: Sig:2005:ICMP Time Exceeded for a Datagram - from 144.232.19.70 to 65.199.28.2
1d12h: %IDS-4-ICMP_UNREACH_SIG: 2001:ICMP Host Unreachable - from 12.125.6.185 to 65.199.28.4
1d12h: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request - from 208.184.39.130 to 12.109.150.2
1d12h: %IDS-4-ICMP_UNREACH_SIG: 2001:ICMP Host Unreachable - from 64.191.63.3 to 12.109.150.2
1d12h: %IDS-4-ICMP_TIMXCEED_SIG: Sig:2005:ICMP Time Exceeded for a Datagram - from 144.232.19.70 to 65.199.28.2

Thanks in Advance
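The debug trace above shows the two half-connections that intercept mode builds: the router first completes the handshake with the client ("1st half"), then opens its own connection to the server ("2nd half"). The following is an added example, not code from the thread or from Cisco: a small parser that reconstructs that per-flow state from 'debug ip tcp intercept' lines, so that flows which stop after the first half (the half-open pattern TCP intercept exists to absorb) and established flows idle past the connection timeout stand out. The trace it parses is constructed for this example in the same line format as the post, using RFC 5737 documentation addresses; the second flow is deliberately left stalled after the client-side half. The 86400 s default used for the idle check is the IOS default for 'ip tcp intercept connection-timeout'.

```python
"""Reconstruct per-flow state from 'debug ip tcp intercept' output (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample trace (not from the thread), same line format as IOS prints.
# Flow 1 completes both halves; flow 2 never gets the server-side ACK+SYN.
SAMPLE_DEBUG = """\
1d11h: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request - from 192.0.2.77 to 198.51.100.2
1d11h: INTERCEPT: new connection (192.0.2.10:1445 SYN -> 198.51.100.150:80)
1d11h: INTERCEPT(*): (192.0.2.10:1445 <- ACK+SYN 198.51.100.150:80)
1d11h: INTERCEPT: 1st half of connection is established (192.0.2.10:1445 ACK -> 198.51.100.150:80)
1d11h: INTERCEPT(*): (192.0.2.10:1445 SYN -> 198.51.100.150:80)
1d11h: INTERCEPT: 2nd half of connection established (192.0.2.10:1445 <- ACK+SYN 198.51.100.150:80)
1d11h: INTERCEPT(*): (192.0.2.10:1445 ACK -> 198.51.100.150:80)
1d11h: INTERCEPT(*): (192.0.2.10:1445 <- WINDOW 198.51.100.150:80)
1d12h: INTERCEPT: new connection (192.0.2.20:40001 SYN -> 198.51.100.150:80)
1d12h: INTERCEPT(*): (192.0.2.20:40001 <- ACK+SYN 198.51.100.150:80)
1d12h: INTERCEPT: 1st half of connection is established (192.0.2.20:40001 ACK -> 198.51.100.150:80)
1d12h: INTERCEPT(*): (192.0.2.20:40001 SYN -> 198.51.100.150:80)
"""

# "<ts>: INTERCEPT[(*)]: <message> (<client ip:port> <flags/direction> <server ip:port>)"
LINE_RE = re.compile(
    r"^(?P<ts>\S+): INTERCEPT(?P<star>\(\*\))?: (?P<msg>.*?)\s*"
    r"\((?P<cip>\d+\.\d+\.\d+\.\d+):(?P<cport>\d+) (?P<mid>.+?) "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\)$"
)
UPTIME_RE = re.compile(r"^(?:(?P<w>\d+)w)?(?:(?P<d>\d+)d)?(?:(?P<h>\d+)h)?(?:(?P<m>\d+)m)?(?:(?P<s>\d+)s)?$")
HMS_RE = re.compile(r"^(\d+):(\d\d):(\d\d)$")


def parse_uptime(ts: str) -> int:
    """IOS uptime stamps look like '1d11h', '2w3d' or '00:12:34'; return seconds."""
    m = HMS_RE.match(ts)
    if m:
        h, mi, s = (int(x) for x in m.groups())
        return h * 3600 + mi * 60 + s
    m = UPTIME_RE.match(ts)
    if not ts or not m:
        raise ValueError(f"unrecognised uptime stamp: {ts!r}")
    units = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}
    return sum(int(v) * units[k] for k, v in m.groupdict().items() if v)


@dataclass
class Flow:
    client: str
    server: str
    first_seen: int
    last_seen: int
    state: str = "new"  # new -> half_open (client side done) -> established (server side done)
    segments: List[str] = field(default_factory=list)  # flag/direction text of INTERCEPT(*) lines


def parse_intercept_debug(text: str) -> Dict[str, Flow]:
    """Group debug lines by client->server tuple and advance each flow's state."""
    flows: Dict[str, Flow] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # IDS signatures and other unrelated syslog lines
        client, server = f"{m['cip']}:{m['cport']}", f"{m['sip']}:{m['sport']}"
        key = f"{client}->{server}"
        t = parse_uptime(m["ts"])
        flow = flows.get(key)
        if flow is None:
            flow = flows[key] = Flow(client, server, t, t)
        flow.last_seen = max(flow.last_seen, t)
        if "1st half" in m["msg"]:
            flow.state = "half_open"
        elif "2nd half" in m["msg"]:
            flow.state = "established"
        if m["star"]:
            flow.segments.append(m["mid"])
    return flows


def half_open_flows(flows: Dict[str, Flow]) -> List[str]:
    """Flows where the client finished its handshake but the server side never did."""
    return sorted(k for k, f in flows.items() if f.state == "half_open")


def idle_flows(flows: Dict[str, Flow], now: int, connection_timeout: int = 86400) -> List[str]:
    """Established flows idle longer than 'ip tcp intercept connection-timeout' (default 86400 s)."""
    return sorted(k for k, f in flows.items()
                  if f.state == "established" and now - f.last_seen > connection_timeout)


if __name__ == "__main__":
    flows = parse_intercept_debug(SAMPLE_DEBUG)
    for key, f in flows.items():
        print(f"{key}: {f.state} segments={f.segments}")
    print("half-open:", half_open_flows(flows))
    print("idle past default timeout at 1d11h+8h:", idle_flows(flows, parse_uptime("1d11h") + 8 * 3600))
```

Run against a real 'debug ip tcp intercept' capture, the half-open list is the set of clients that never got a server-side handshake, and the idle list is empty for anything younger than the 24-hour default timeout, which is why a connection can still appear as established hours after the client went away.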
