Currently, our router(2514) uses RACLs to provide some level of security using the tcp established option. I attempted to enable CBAC on my router following this document almost exactly: http://www.cisco.com/en/US/customer/products/sw/secursw/ps1018/products_configuration_example09186a008009445f.shtml Things seemed to work most of the time, but I was having problems with http. With fast switching enabled, some http traffic could not come through, and I would see log entries of the web browser trying to make a connection and the return ack packet getting blocked. This would happen for maybe 5% of connections, but it was enough to make a lot of web pages hang waiting on an ad to download etc. The problem would go away when I disabled route caching, but the performance drop was unacceptable.
I was wondering if anyone else has experienced this behavior with CBAC? I found one more person on a newsgroup with the exact same problem, but no one had an answer.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...