
Configuring NAT/PAT and IP inspect

bapatsubodh
Level 1

Hi,

We have configured an 1800 ISR to access the internet using NAT (actually PAT) and the overload feature.

Simple mode: fa0/0 is the inside interface and fa0/1 is the outside interface.

We need to apply ip inspect and enable IOS firewall as a security feature.

How do we apply IP inspect rules for the traffic that is being NATed, or do we just need to apply it?

Please share experience of configuring ip inspection with NAT/PAT.

Any configuration link on cisco.com?

Thanks in advance.

Subodh


networker99
Level 1

The IP inspect uses CBAC which works the same way as SPI function on a regular firewall. There are 3 steps.

1. configure NAT/PAT (which you have done)

2. Allow the required traffic outbound (ACL)

3. Create the IP inspect rules and apply them to the interface. The IP inspect rules should contain the traffic that should be permitted back in (replies to outbound requests) even though the ACL denies

** Creating INSPECT ***

ip inspect name MYTRAFFIC ftp

ip inspect name MYTRAFFIC http

ip inspect name MYTRAFFIC https

** Applying to interface **

On the interface you wish to permit the traffic

ip inspect MYTRAFFIC out
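
The three steps from the reply above, put together as one configuration. This is an added example, not part of the original posts: the addressing (192.168.1.0/24 inside, 203.0.113.2 outside), the ACL numbers and the extra `udp` inspection for DNS replies are assumptions; the interface roles and the MYTRAFFIC rule name come from the thread.

```cisco
! Step 1: NAT/PAT (overload) for the inside LAN (constructed addressing)
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/1 overload
!
! Step 2: traffic allowed outbound, checked as it enters the inside interface
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq ftp
access-list 100 permit udp 192.168.1.0 0.0.0.255 any eq domain
!
! Inbound policy on the outside interface: deny everything.
! CBAC adds temporary openings to this ACL for replies to inspected sessions.
access-list 101 deny ip any any
!
! Step 3: inspection rules (udp added here so DNS replies are allowed back in)
ip inspect name MYTRAFFIC ftp
ip inspect name MYTRAFFIC http
ip inspect name MYTRAFFIC https
ip inspect name MYTRAFFIC udp
!
interface FastEthernet0/0
 description Inside LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip access-group 100 in
!
interface FastEthernet0/1
 description Outside / Internet
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group 101 in
 ip inspect MYTRAFFIC out
```

The inbound ACL on the outside interface is evaluated before NAT translates the destination back to the inside host, so it is written against the public address. `show ip inspect sessions` and `show ip nat translations` confirm that an outbound connection is being both inspected and translated.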
