CBAC [7:103116] posted 09/28/2005

I'm wondering how CBAC can handle fragments on a TCP connection
when internal users try to connect to outer services. I know that, for
an outbound connection, the ACL will be processed first, then CBAC. Only the
initial fragment of the TCP data contains full L3/L4 information. The rest
of the traffic contains only L3 information, so how can CBAC recognize
which connection they belong to? I configured the router as follows:

ip inspect fw http
ip inspect fw tcp
ip inspect fw udp

interface fast Ethernet 0/0
ip inspect fw out

But the users cannot surf the web with this CBAC. Why?
