Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CBAC Help - VPN & AOL

Status
Not open for further replies.
kcbell

kcbell

IS-IT--Management
Joined
Dec 27, 2001
Messages
275
I am learning and using a 3101 router with verion 12.1 IOS. I am using "ip inspect" with RULE1 for my Ethernet 0 port.

! Ethernet inside port
ip inspect RULE1 in

With these rules, I have problem with AOL (not web base) and VPN. I know VPN has to do with ipsec. I could remove the RULE1 and both worked. Can anyone offer some help on how to solve these problems and still keep CBAC?

Thanks

! Rules
ip inspect name RULE1 http
ip inspect name RULE1 tftp
ip inspect name RULE1 tcp
ip inspect name RULE1 udp
ip inspect name RULE1 ftp
ip inspect name RULE1 h323
ip inspect name RULE1 rcmd
ip inspect name RULE1 realaudio
ip inspect name RULE1 smtp
ip inspect name RULE1 sqlnet
ip inspect name RULE1 streamworks
ip inspect name RULE1 vdolive

 
Sort by date Sort by votes
Are you using any access list with your CBAC config?
 
Upvote 0 Downvote
Let me give you a little more information. The 3101 is for home network with cable modem coming in to E1 and home network in E0. All home computers are connected via a hub and DHCP by the 3101 and it is NATing to the internet.

ip access-group 101 in

access-list 101 permit icmp any any
access-list 101 permit udp host 10.128.128.20 any eq domain
access-list 101 permit tcp host 10.128.128.20 any eq smtp
access-list 101 permit tcp host 10.128.128.20 any eq pop3
access-list 101 permit ip any any
 
Upvote 0 Downvote
I need the full config to identify the problem.



access-list 101 permit ospf any any
access-list 101 permit tcp 1.1.1.1 0.0.0.255 any eq www
access-list 101 deny ip any any
This will permit ospf traffic and will permit http traffic from 1.1.1.1 network and denied all other.

have you applied the access-list and inspection rule to the correct intface? If the access-list is applied in reverse it will not work.

Try sh and debug command. sh ip access-lists
debug ip inspect http ...etc.-
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Jared R
  • Locked
  • Question Question
Cisco UC320W Paging Help
Replies
0
Views
698
Jared R
Jared R
inlsp05
  • Locked
  • Question Question
2811&2960 48 volts wiring diagram
Replies
1
Views
623
BOKA
BOKA
quazimotto
  • Locked
  • Question Question
Cisco ASA_5505 VPN to Juniper_SRX210 VPN IS UP_ No Traffic!!!!!!
Replies
0
Views
316
quazimotto
quazimotto
WinstonCH
  • Locked
  • Helpful tip Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat
Replies
1
Views
896
BIS
BIS
bfordz
  • Locked
  • Question Question
new help on setting up third party VoIP phones through Catalyst 2960x switch
Replies
0
Views
355
bfordz
bfordz

Part and Inventory Search

Sponsor

Back
Top