https://community.cisco.com/t5/network-security/cbac-is-blocking-some-website-content/m-p/1118367#M915257 <P></P><P>I seem to be having issues with CBAC on a 877.</P><P></P><P>I have tried accessing certain webpages without the CBAC setting and there is no issue.</P><P></P><P>Some websites seem fine, whereas others partially load or not at all. For example elements of the cisco homepage do not load, specifically the animated section. I have test a few websites and some don't seem to come up all all, youtube and ebay are a couple of example.</P><P></P><P>My CBAC configuration should be pretty standard, I have an ACL denying almost everything except some ICMP (it starts deny UPD/TCP then allows ICMP), and the inspect statements cover most protocols.</P><P></P><P>I have noticed that my deny ACL statement is blocking some packets...</P><P></P><P>Dave</P> Mon, 11 Mar 2019 13:25:41 GMT davidjbradley 2019-03-11T13:25:41Z https://community.cisco.com/t5/network-security/cbac-is-blocking-some-website-content/m-p/1118367#M915257 <P></P><P>I seem to be having issues with CBAC on a 877.</P><P></P><P>I have tried accessing certain webpages without the CBAC setting and there is no issue.</P><P></P><P>Some websites seem fine, whereas others partially load or not at all. For example elements of the cisco homepage do not load, specifically the animated section. I have test a few websites and some don't seem to come up all all, youtube and ebay are a couple of example.</P><P></P><P>My CBAC configuration should be pretty standard, I have an ACL denying almost everything except some ICMP (it starts deny UPD/TCP then allows ICMP), and the inspect statements cover most protocols.</P><P></P><P>I have noticed that my deny ACL statement is blocking some packets...</P><P></P><P>Dave</P> Mon, 11 Mar 2019 13:25:41 GMT https://community.cisco.com/t5/network-security/cbac-is-blocking-some-website-content/m-p/1118367#M915257 davidjbradley 2019-03-11T13:25:41Z https://community.cisco.com/t5/network-security/cbac-is-blocking-some-website-content/m-p/1118368#M915261 <HTML><HEAD></HEAD><BODY><P>Hi Dave,</P><P></P><P>Try adjusting your CBAC config to *only* inspect TCP, UDP, and FTP and see if that makes a difference.</P><P></P><P>-Mike</P></BODY></HTML> Tue, 05 Aug 2008 22:04:07 GMT https://community.cisco.com/t5/network-security/cbac-is-blocking-some-website-content/m-p/1118368#M915261 robertson.michael 2008-08-05T22:04:07Z https://community.cisco.com/t5/network-security/cbac-is-blocking-some-website-content/m-p/1118369#M915265 <HTML><HEAD></HEAD><BODY><P>through what you said </P><P>i guess is related to flash player and JAVA</P><P>just track those things</P><P></P><P>good luck</P></BODY></HTML> Wed, 06 Aug 2008 02:15:49 GMT https://community.cisco.com/t5/network-security/cbac-is-blocking-some-website-content/m-p/1118369#M915265 Marwan ALshawi 2008-08-06T02:15:49Z https://community.cisco.com/t5/network-security/cbac-is-blocking-some-website-content/m-p/1118370#M915269 <HTML><HEAD></HEAD><BODY><P>Hi I solved my issue.. </P><P></P><P>"ip virtual-reassembly" was disabled and it appears that the fragments were getting dropped by the firewall policies. I still don't really understand why this causes issues with some issues, but I must be realed to the content in the HTML.</P><P></P><P>Dave</P></BODY></HTML> Wed, 06 Aug 2008 06:23:04 GMT https://community.cisco.com/t5/network-security/cbac-is-blocking-some-website-content/m-p/1118370#M915269 davidjbradley 2008-08-06T06:23:04Z