Cisco Support Community
Community Member

Question about CBAC

I'd like some help understanding an aspect of firewalling. I have CBAC configured on an ISR. The WAN (outside) interface is configured with an ACL that will not allow traffic to come in. CBAC's job is to allow temporary openings in this ACL for connections initiated on the LAN (inside) interface and close them when the transmission ends. So, in this case I would be configuring inspection ("ip inspect X in") on the inside interface so that traffic leaving the LAN is checked, correct?

My question is, what exactly is being inspected? I know that the inspection is happening at the application layer, but beyond that I'm not sure what the firewall is looking for. So, let's assume a telnet session is initiated inside the network to a host outside. A temporary port is opened on the external interface's ACL to allow the transmission. Now the inspection is looking at the telnet session's traffic as it enters the inside interface. What is it looking for exactly?


Cisco Employee

Re: Question about CBAC

CBAC inspects protocols up to the application layer.

It can watch protocol traffic and see what dynamic ports to open for the return traffic for the protocol.

It also monitors signaling and commands for certain protocols, like FTP.

Example: if a user is telnetting to a server on the Internet, when the outbound traffic hits the Internet interface CBAC creates a temporary opening to permit the traffic to the server. This information is maintained in the session state table. The return traffic is permitted because the session state table indicates that the inbound packets are part of the original session that was initiated by the user.

Hope this helps.
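The setup the question describes (deny-all ACL inbound on the WAN, inspection applied inbound on the LAN) and the telnet walk-through in the reply, as an added IOS configuration example. It is not from the original thread or from Cisco documentation: the interface names, the inspection rule name LAN-OUT, the ACL name OUTSIDE-IN and the addresses are assumptions.

```cisco
! Assumed topology (constructed): GigabitEthernet0/0 = inside LAN, GigabitEthernet0/1 = outside WAN
!
! Inspection rule: only protocols listed here get a session-table entry and a
! return-path opening. Generic tcp/udp covers telnet, http, dns, etc.; ftp is
! listed separately so CBAC can read the control channel and open the data port.
ip inspect name LAN-OUT tcp
ip inspect name LAN-OUT udp
ip inspect name LAN-OUT ftp
!
! Log session creation and teardown so the temporary openings are visible in syslog
ip inspect audit-trail
!
! Outside ACL: nothing is permitted inbound; CBAC inserts dynamic permit entries
! above this deny for sessions that were initiated from the LAN.
ip access-list extended OUTSIDE-IN
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Inside LAN
 ip address 192.168.1.1 255.255.255.0
 ip inspect LAN-OUT in
!
interface GigabitEthernet0/1
 description Outside WAN
 ip address 203.0.113.2 255.255.255.252
 ip access-group OUTSIDE-IN in
```

After a host on 192.168.1.0/24 opens a telnet session outbound, `show ip inspect sessions` lists the session (source, destination, ports, state) and `show ip access-lists OUTSIDE-IN` shows the dynamic permit entry CBAC inserted ahead of the deny; when the session closes, or goes idle past `ip inspect tcp idle-time`, the entry is removed and the `deny ip any any log` line is all that remains. Two things to check in practice: the deny-all also blocks anything the router itself needs to receive on the WAN (ICMP errors, routing protocol or VPN peers), so those need explicit permits above the deny, and any protocol not named in the inspect rule gets no session entry and therefore no return opening.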

