Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ip inspect command on 2851

Hi, I have CBAC configured on my 2851 router. The IP INSPECT command is placed OUT on the T1 going to the Internet. From what I have read is that the IP INSPECT should be placed on the LAN interface going IN. I am asking this because I just connected another T1 to another ISP just for web browsing. I have also placed the IP INSPECT on the T1 going out. Right after I did that the router suffered huge performance issues. The router utilization is very low but it would take 10-20 sec. to load a web page. Can anyome tell if I can use same IP INSPECT command on two different interfaces? and if I need to move the IP INSPECT to LAN IN as apposed to the T1 going OUT?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: ip inspect command on 2851

so definitely take it off of two interfaces.

I would do ip inspect in on your ethernet interface and then an access-list in on your T1 interface.

This way you inspect your traffic going out.. but people that need connectivity to a resource on your internal network will have to traverse the access-list.

I have done this in the past and it works fine.

1 REPLY
New Member

Re: ip inspect command on 2851

so definitely take it off of two interfaces.

I would do ip inspect in on your ethernet interface and then an access-list in on your T1 interface.

This way you inspect your traffic going out.. but people that need connectivity to a resource on your internal network will have to traverse the access-list.

I have done this in the past and it works fine.

132
Views
0
Helpful
1
Replies
CreatePlease to create content