Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Slow response to internet & CBAC - "ip inspect name <inspect-name> http"

If you configure "ip inspect name <inspection-name> http" command globally on a router with firewall ios software but do not configure a standard access-list, websites accessed with embedded java applets, that are blocked, become extremely slow to access through the internet. My questions:

1.) Could someone explain why this occurs to me in more detail?

2.) Do you recommend using this command?

3a.) Could someone provide a list of hostile (java applet) addresses to block (if this general list exists) to help create a std ACL to use with the "ip inspect name (http)" command?

3b.) Could someone provide a list of friendly (java applet) addresses to permit (if such a general list exists) to help create a std ACL to use with the "ip inspect name (http)" command?

2 REPLIES
Silver

Re: Slow response to internet & CBAC - "ip inspect name <inspect

I think your question is contradictory. The access list is configured to block hostile addresses. Since you have not configured one how do you say its blocked?

New Member

Re: Slow response to internet & CBAC - "ip inspect name <inspect

Because no standard access-list was configured, I thought the "implicit deny all" rule applied but maybe that was not the case. Regardless, I am most curious to find out why some websites accessed took 30-40 seconds to load with the "ip inspect name http" command configured but were immediately accessible once the command was removed.

226
Views
0
Helpful
2
Replies