clientless webvpn and reflexive access list firewall

luboto1902
Level 1

I have a Cisco Router 3825 with a WEBVPN server and a Reflexive access list Firewall. All is well, but when I try from outside to go to the WEBVPN server and try through the WEBVPN site to open some web site, it doesn't work. For example, when I try to open yahoo.com, the log shows

"%SEC-6-IPACCESSLOGP: list ACL-FILTER-IN denied tcp 98.138.253.109(80) -> my_ip_address(45341), 1 packet  [ACL_ERROR]"

98.138.253.109 is yahoo.com's IP address.

Can you give me advice on how to solve this problem?

2 Replies

If you have WEBVPN, then you have the Security-image/license on your router. That means that you are not restricted to reflexive ACLs, you can use a "real" firewall-feature like CBAC or ZBF on that device.

Yes, I can use ZBF or CBAC, but in my experience with those two types of firewalls the router works very slowly. Therefore I want to use a Reflexive Access List. Can you give me any advice on how to solve this problem?
