https://community.cisco.com/t5/network-security/ip-inspect-feature-general-question/m-p/2917935#M153892 <DIV class="field field-name-body field-type-text-with-summary field-label-hidden"> <DIV class="field-items"> <DIV class="field-item even" property="content:encoded"> <P>Hello all,</P> <P></P> <P>I have seen that the ip inspect feature sends sometimes some RST packets. I would like to know if it was possible to keep the ip inspect feature enabled and doing its job but without sending the RST packets. I do not have the customer's configuration but it is just a theoretical question.</P> <P></P> <P>Do not hesitate to come back to me if you need further information. Thanks in advance for the help !</P> <P></P> <P>Best regards,</P> <P></P> <P>Thomas</P> </DIV> </DIV> </DIV> Tue, 12 Mar 2019 07:44:51 GMT tscaon001 2019-03-12T07:44:51Z https://community.cisco.com/t5/network-security/ip-inspect-feature-general-question/m-p/2917935#M153892 <DIV class="field field-name-body field-type-text-with-summary field-label-hidden"> <DIV class="field-items"> <DIV class="field-item even" property="content:encoded"> <P>Hello all,</P> <P></P> <P>I have seen that the ip inspect feature sends sometimes some RST packets. I would like to know if it was possible to keep the ip inspect feature enabled and doing its job but without sending the RST packets. I do not have the customer's configuration but it is just a theoretical question.</P> <P></P> <P>Do not hesitate to come back to me if you need further information. Thanks in advance for the help !</P> <P></P> <P>Best regards,</P> <P></P> <P>Thomas</P> </DIV> </DIV> </DIV> Tue, 12 Mar 2019 07:44:51 GMT https://community.cisco.com/t5/network-security/ip-inspect-feature-general-question/m-p/2917935#M153892 tscaon001 2019-03-12T07:44:51Z https://community.cisco.com/t5/network-security/ip-inspect-feature-general-question/m-p/2917936#M153893 <P>Hello;&nbsp;</P> <P></P> <P>This can only be done for the following scenarios:</P> <P>If traffic is being denied by an ACL.&nbsp;</P> <P>If AAA denies the traffic</P> <P>If the packets that come, do not belong to an existing connection.&nbsp;</P> <P></P> <P>I have not seen an specific case where the inspection sends a RST packet (it does not mean it doesnt happen), which inspection feature is sending you the reset?&nbsp;</P> <P></P> <P>Mike.&nbsp;</P> Fri, 13 May 2016 13:09:14 GMT https://community.cisco.com/t5/network-security/ip-inspect-feature-general-question/m-p/2917936#M153893 Maykol Rojas 2016-05-13T13:09:14Z https://community.cisco.com/t5/network-security/ip-inspect-feature-general-question/m-p/2917937#M153894 <P>Hi -</P> <P>Some inspections permit you to modify their behavior and some don't.</P> <P>For example the default ESMTP inspection will cause the connection to drop if the mail servers do not establish a TLS session.&nbsp; This behavior can be modified or turned off.</P> <P>Conversely, ICMP inspection cannot be modified.&nbsp;Just enabled or disabled.</P> <P>PSC</P> Sun, 15 May 2016 16:45:30 GMT https://community.cisco.com/t5/network-security/ip-inspect-feature-general-question/m-p/2917937#M153894 Paul Chapman 2016-05-15T16:45:30Z