Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Problem with CBAC

Currently, our router(2514) uses RACLs to provide some level of security using the tcp established option. I attempted to enable CBAC on my router following this document almost exactly: http://www.cisco.com/en/US/customer/products/sw/secursw/ps1018/products_configuration_example09186a008009445f.shtml Things seemed to work most of the time, but I was having problems with http. With fast switching enabled, some http traffic could not come through, and I would see log entries of the web browser trying to make a connection and the return ack packet getting blocked. This would happen for maybe 5% of connections, but it was enough to make a lot of web pages hang waiting on an ad to download etc. The problem would go away when I disabled route caching, but the performance drop was unacceptable.

I was wondering if anyone else has experienced this behavior with CBAC? I found one more person on a newsgroup with the exact same problem, but no one had an answer.

1 REPLY
Silver

Re: Problem with CBAC

I would try adding inspect out on tcp/http as well.

Rais.

78
Views
0
Helpful
1
Replies
CreatePlease to create content