We have a customer with a live CBAC installation currently running and working in one direction, doing basic auditing for TCP and UDP, with no returning-path access-lists in place, only a permit any any outbound ACL.
We are merely trying to monitor traffic flow at this stage, not provide any protection yet. The customer also wants to turn off the existing outbound auditing for CBAC.
The customer wishes to add CBAC in the opposite direction to do auditing of inbound traffic for TCP and UDP in order to learn the inbound traffic flow / behaviour.
The first question is:
If we also enable CBAC inbound while CBAC is already configured outbound, what will happen to any existing outbound connections (sessions) created by the original instance of CBAC?
The second question is:
What will happen if we turn off auditing with the ip inspect statement audit-trail off for an already applied outbound ip inspect CBAC instance?
I assume it will not delete existing sessions, and will merely turn off auditing for the specific protocol. Can anyone in Cisco confirm this?
The third and final question is:
For the new (second) inbound CBAC inspect instance, what will the impact on this inbound CBAC flow be of not having an inbound returning-path access-list, only the one permit any any ACL mentioned earlier?
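As an added illustration (not part of the original post or any reply on this thread), this is how the scenario described above is expressed in IOS CBAC configuration: the existing outbound inspection rule with its per-protocol audit trail, the added inbound inspection rule, the single permit any any ACL, and the exec commands used to watch the resulting sessions. The rule names, interface name and ACL name are assumptions.

```cisco
! Global audit-trail logging (syslog message per session open/close)
ip inspect audit-trail
!
! Existing outbound inspection rule: TCP and UDP with audit trail on.
! Setting "audit-trail off" on a protocol line only changes logging for that
! protocol; it does not change the inspection itself.
ip inspect name OUTBOUND-CBAC tcp audit-trail on
ip inspect name OUTBOUND-CBAC udp audit-trail on
!
! Added inbound inspection rule for learning inbound traffic behaviour
ip inspect name INBOUND-CBAC tcp audit-trail on
ip inspect name INBOUND-CBAC udp audit-trail on
!
! The only ACL in place: permit any any (no return-path filtering)
ip access-list extended ANY-OUT
 permit ip any any
!
! Assumed outside interface; both inspection rules applied here,
! one per direction
interface GigabitEthernet0/1
 description outside (assumed)
 ip access-group ANY-OUT out
 ip inspect OUTBOUND-CBAC out
 ip inspect INBOUND-CBAC in
!
! Exec-mode verification: which rules are bound where, and the
! sessions CBAC currently tracks in each direction
! show ip inspect interfaces
! show ip inspect config
! show ip inspect sessions detail
```

Comparing `show ip inspect sessions detail` output before and after each change is the direct way to observe what happens to existing sessions, rather than assuming it.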
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.