Cisco Support Community

CBAC Inner Workings

Hi Guys,

I have some questions regarding CBAC.

We have a customer with a live CBAC installation currently running and working in one direction, doing basic auditing for TCP and UDP, with no returning-path access-lists in place, only a permit any any outbound ACL.

We are merely trying to monitor traffic flow at this stage, not provide any protection yet. The customer also wants to turn off the existing outbound auditing for CBAC.

The customer wishes to add CBAC in the opposite direction to do auditing of inbound traffic for TCP and UDP in order to learn the inbound traffic flow / behaviour.

The first question is:

If we also enable CBAC inbound while CBAC is already configured outbound, what will happen to any existing outbound connections (sessions) created by the original instance of CBAC?

The second question is:

What will happen if we turn off auditing with the ip inspect audit-trail off statement for an already applied outbound ip inspect CBAC instance?

I assume it will not delete existing sessions, and will merely turn off auditing for the specific protocol. Can anyone at Cisco confirm this?

The third and final question is:

For the new (second) inbound CBAC inspect instance, what will the impact of not having the inbound and one permit any any ACL returning-path access-list mentioned earlier be on this inbound CBAC flow?

Any input is appreciated...

Thanks in advance,
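The setup described in the question, written out as an added Cisco IOS configuration example (this is not from the original post and not Cisco's own reply): a TCP/UDP inspection rule applied outbound, a second one applied inbound, per-protocol audit-trail switches, the single permit any any outbound ACL, and the show commands used to look at the session table before and after a change. Interface name, rule names and the ACL number are assumptions.

```cisco
! Added example, not from the original post: two-direction CBAC auditing.
! Interface name, rule names and ACL number are assumed.
!
! Global switch: turns on audit-trail messages for every inspection rule.
! The per-protocol "audit-trail on|off" below overrides it per rule/protocol.
ip inspect audit-trail
!
! Outbound rule (the existing one): basic TCP/UDP inspection with audit.
ip inspect name INSPECT_OUT tcp audit-trail on
ip inspect name INSPECT_OUT udp audit-trail on
!
! Inbound rule the customer wants to add: TCP/UDP audit only.
ip inspect name INSPECT_IN tcp audit-trail on
ip inspect name INSPECT_IN udp audit-trail on
!
! The only ACL described: permit any any, applied outbound, no returning-path ACL.
access-list 101 permit ip any any
!
interface GigabitEthernet0/1
 description WAN side (assumed)
 ip access-group 101 out
 ip inspect INSPECT_OUT out
 ip inspect INSPECT_IN in
!
! To stop auditing one protocol of the outbound rule later, re-enter the
! rule line with the switch off (the keyword is audit-trail, not audit-trial):
!   ip inspect name INSPECT_OUT tcp audit-trail off
!
! Record the session table before and after each change so the effect on
! existing sessions is observed rather than assumed:
!   show ip inspect config
!   show ip inspect sessions detail
```

Capturing show ip inspect sessions detail immediately before applying the inbound rule and again after gives a direct answer for this router and IOS release to the first question, instead of relying on a general assumption about session handling.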



Re: CBAC Inner Workings

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center ( or speak with a TAC engineer. You can open a TAC case online at

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.
