Slow response to internet & CBAC - "ip inspect name <inspect-name> http"
If you configure "ip inspect name <inspection-name> http" command globally on a router with firewall ios software but do not configure a standard access-list, websites accessed with embedded java applets, that are blocked, become extremely slow to access through the internet. My questions:
1.) Could someone explain why this occurs to me in more detail?
2.) Do you recommend using this command?
3a.) Could someone provide a list of hostile (java applet) addresses to block (if this general list exists) to help create a std ACL to use with the "ip inspect name (http)" command?
3b.) Could someone provide a list of friendly (java applet) addresses to permit (if such a general list exists) to help create a std ACL to use with the "ip inspect name (http)" command?
Re: Slow response to internet & CBAC - "ip inspect name <inspect
Because no standard access-list was configured, I thought the "implicit deny all" rule applied but maybe that was not the case. Regardless, I am most curious to find out why some websites accessed took 30-40 seconds to load with the "ip inspect name http" command configured but were immediately accessible once the command was removed.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...