Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

836 + vpn + ip inspect


i have an 386 router configured with vpn and access lists + ip inspect rules.

The internet traffic from the lan is not experiencing any problems and the static nat rule for incoming traffic (for incoming smtp) is working fine too.

However if i connect with a vpn client i can't make a connection to the server on the lan side.

In my case, an isa server with published terminal services. The ISA server is not the problem, i tested that.

When i monitor the cisco with "debug ip inspect tcp" i get the following messages :

*Mar 5 21:24:11.282: CBAC sis 819E992C pak 816F57D4 TCP SYN SEQ 2959149246 LEN 0 ( => (

*Mar 5 21:24:11.282: CBAC sis 819E992C L4 inspect result: SKIP packet 816F57D4 ( ( bytes 0 tcp

*Mar 5 21:24:11.286: CBAC* sis 819E992C pak 816674EC TCP ACK 2959149247 SEQ 181756586 LEN 0 ( <= (

*Mar 5 21:24:11.286: CBAC* sis 819E992C L4 inspect result: DROP packet 816674EC ( ( bytes 0 tcp

*Mar 5 21:24:11.602: CBAC* sis 819E992C pak 81661984 TCP SYN ACK 2959149247 SEQ 181756585 LEN 0 ( <= (

What is causing the drop of the packet ?? I can see that something is dropped but how can i find the cause of it ?

The software version is : :c836-k9o3s8y6-mz.123-4.T1.bin

Here's my config :

Thanx in advance,



Re: 836 + vpn + ip inspect

The only reason that I know of for failue of terminal services is that WebVPN does not work with ActiveX control. Thus when running WebVPN you could have problems accessing the corresponding pages.

New Member

Re: 836 + vpn + ip inspect

Ít's not by web client but by the windows remote desktop client....

But my main problem is that i don't know What rule is blocking the traffic.

New Member

Re: 836 + vpn + ip inspect

Solved problem by uploading a new IOS

CreatePlease login to create content