Cisco Support Community

IOS CBAC and ACL on 2801 router with Adv Security

Hi,

Just wondering if CBAC has a limitation on how many sessions it can keep open?

I'm not looking at half open sessions. I realise this is a separate setting.

I basically have IP Inspect set up and it has been working fine. Recently there has been a huge increase in DNS requests from our site which is getting counted by CBAC. Only a couple of TCP sessions are making it through to the open state.

Any ideas or helpful debugs for this one? Have had a look at the standard ones.

It seems that the outside ACL is blocking the return packets for certain sessions. Almost like the IP INSPECT tables are full and it doesn't count those sessions any more and open the dynamic return path.

Sorry if that was a bit vague! Running on way too little sleep here!

Cheers,

Tim.

1 REPLY
New Member

Re: IOS CBAC and ACL on 2801 router with Adv Security

Can you send me the following information regarding your connections?

1. output of show ip inspect stats

2. show log

Also, can you give me an estimate of how many half open sessions you have on average?

These details will give me a better idea of the problem.
