IOS IDS/Firewall blocks https connections
02-14-2006 12:47 PM - edited 03-10-2019 01:53 AM
Starting from 12.3(5) and ending with 12.3(17a) on all our 7200 and 7500 routers, applying ip audit input on the internal interface or ip audit out on the external interface immediately stops all https websites. I was trying to disable all https and http signatures, but the situation looks similar. Due to the fact that we had lots of problems with 12.3T and 12.4, an upgrade is not possible (routers restarting, VIPs crashing etc.). Even if I only apply alarm for info and attack signatures, https still cannot pass through and the logs are empty.
Is there any workaround for this problem? Thanks!
Labels: IPS and IDS
02-16-2006 09:16 PM
Sounds like you're hitting this:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee32778&Submit=Search
Note that this bug specifically talks about SSH/Telnet connections through the router, but this bug has numerous others linked to it that deal with pretty much all types of TCP traffic (including HTTPS).
The bug is fixed in 12.3(9.4) and later, so I'm not sure why you're seeing it on 12.3(17a). Try the workaround (apply "ip inspect" to the interface as well) to confirm whether you're hitting this bug.
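As an added illustration of the workaround described in the reply above (this configuration is not from either poster and not from the linked bug report), here is what an IOS IDS audit rule applied together with a CBAC "ip inspect" rule on the same interface looks like. The interface name, IP addresses and the rule names AUDIT-IN and FW-IN are assumptions chosen for the example; the audit rules are set to alarm only, matching what the original poster was testing.

```cisco
! Added example, not from either poster: IOS IDS audit plus CBAC
! inspection on the same (internal) interface, the workaround the
! reply suggests for confirming the bug.
! Interface name, addresses and rule names are assumptions.
!
! IDS audit rules, alarm only (no drop/reset), as in the original post
ip audit name AUDIT-IN info action alarm
ip audit name AUDIT-IN attack action alarm
!
! CBAC inspection rule: generic TCP inspection covers HTTPS (443);
! HTTP is listed separately so the application-layer inspector runs
ip inspect name FW-IN tcp
ip inspect name FW-IN http
!
! Internal (LAN-facing) interface, assumed name and address
interface FastEthernet0/0
 description Inside LAN (assumed)
 ip address 10.0.0.1 255.255.255.0
 ip audit AUDIT-IN in
 ip inspect FW-IN in
```

After applying this, browse to an HTTPS site from the inside and check "show ip inspect sessions" (a session for the client to server port 443 should appear) and "show ip audit statistics" (the counters should stay at zero for benign traffic). Two caveats: enabling ip inspect turns on stateful CBAC, which dynamically permits return traffic through any inbound ACL on the outside interface, so review that ACL before and after the test; and because the reply only suggests ip inspect as a way to confirm the bug, a router that passes HTTPS with the inspect rule present and fails without it is evidence for the bug, not a reason to leave an unplanned firewall feature in production.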
