https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244246#M350873 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>add this to your config because by default CBAC won't inspect traffic generated by the router.</P><P></P><P>ip inspect name REMEMBER dns <STRONG> router-traffic</STRONG></P><P>ip inspect name REMEMBER ntp&nbsp; <STRONG>router-traffic</STRONG></P><P>ip inspect name REMEMBER bootps <STRONG>router-traffic</STRONG></P><P>ip inspect name REMEMBER bootpc<STRONG> router-traffic</STRONG></P><P></P><P>Regards</P><P></P><P>Alain</P><P></P><P>Don't forget to rate helpful posts.</P></BODY></HTML> Mon, 29 Apr 2013 08:17:11 GMT cadet alain 2013-04-29T08:17:11Z https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244245#M350872 <P>Hi all,</P><P></P><P>My router interface gets ip from ISP modem.</P><P>router interface has command</P><P>ip address dhcp.</P><P></P><P>I applied ACL to deny all incoming traffic to router interface fa0/0 which connects to ISP</P><P></P><P>I have applied CBAC on router and currently allow this traffic to go outside</P><P>ip inspect name REMEMBER tcp</P><P>ip inspect name REMEMBER udp</P><P>ip inspect name REMEMBER icmp</P><P>ip inspect name REMEMBER dns</P><P>ip inspect name REMEMBER ntp</P><P>ip inspect name REMEMBER bootps</P><P>ip inspect name REMEMBER bootpc</P><P></P><P></P><P>Need to know what inspect i should allow so that router can get ip,dns,gateway address from ISP?</P><P>if i need to access the http or https websites do i need to add the inspect http or https?</P><P></P><P>also am i missing something under inspection to allow from inside?</P><P></P><P>Thanks</P><P></P><P>Mahesh</P><P></P><P>Message was edited by: mahesh parmar</P> Tue, 12 Mar 2019 01:36:09 GMT https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244245#M350872 mahesh18 2019-03-12T01:36:09Z https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244246#M350873 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>add this to your config because by default CBAC won't inspect traffic generated by the router.</P><P></P><P>ip inspect name REMEMBER dns <STRONG> router-traffic</STRONG></P><P>ip inspect name REMEMBER ntp&nbsp; <STRONG>router-traffic</STRONG></P><P>ip inspect name REMEMBER bootps <STRONG>router-traffic</STRONG></P><P>ip inspect name REMEMBER bootpc<STRONG> router-traffic</STRONG></P><P></P><P>Regards</P><P></P><P>Alain</P><P></P><P>Don't forget to rate helpful posts.</P></BODY></HTML> Mon, 29 Apr 2013 08:17:11 GMT https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244246#M350873 cadet alain 2013-04-29T08:17:11Z https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244247#M350874 <HTML><HEAD></HEAD><BODY><P> Hi Alain,</P><P></P><P>I will test this today and will update you.</P><P></P><P>Regards</P><P>Mahesh</P></BODY></HTML> Mon, 29 Apr 2013 18:51:27 GMT https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244247#M350874 mahesh18 2013-04-29T18:51:27Z https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244248#M350875 <HTML><HEAD></HEAD><BODY><P>Hi Alain,</P><P></P><P>Seems my router has no option for router traffic</P><P>ip inspect name REMEMBER&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bootpc ?</P><P>&nbsp; alert&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Turn on/off alert</P><P>&nbsp; audit-trail&nbsp; Turn on/off audit trail</P><P>&nbsp; timeout&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Specify the inactivity timeout time</P><P>&nbsp; <CR></CR></P><P></P><P>But i applied ACL on inside to allow </P><P> permit udp any any eq bootpc</P><P></P><P>that fixed the issue.</P><P></P><P>Many thanks for answering the questions and letting me know about router traffic option.</P><P>Regards</P><P>MAhesh</P></BODY></HTML> Tue, 30 Apr 2013 00:37:34 GMT https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244248#M350875 mahesh18 2013-04-30T00:37:34Z https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244249#M350876 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>don't forget the DNS and the NTP traffic too as you mentioned in your first post.</P><P>theree's also a router trick to make the CBAC take into account this router generated traffic: make it a transit traffic by sending it to a loopback interface with a local PBR.</P><P></P><P>Regards</P><P></P><P>Alain</P><P></P><P></P><P>Don't forget to rate helpful posts.</P></BODY></HTML> Tue, 30 Apr 2013 07:08:05 GMT https://community.cisco.com/t5/network-security/ip-inspect-name-router-interface-does-not-gets-ip-from-isp/m-p/2244249#M350876 cadet alain 2013-04-30T07:08:05Z