
IOS IDS/Firewall blocks https connections

Starting from 12.3(5) and ending with 12.3(17a), on all our 7200 and 7500 routers, applying ip audit input on the internal interface or ip audit out on the external interface immediately stops all https websites. I was trying to disable all https and http signatures, but the situation looks similar. Due to the fact that we had lots of problems with 12.3T and 12.4, an upgrade is not possible (router restarts, VIP crashes, etc.). Even if I only apply alarm for info and attack signatures, https still cannot pass through and the logs are empty.

Is there any workaround for this problem? Thanks!


gfullage
Cisco Employee

Sounds like you're hitting this:

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee32778&Submit=Search

Note that this bug specifically talks about SSH/Telnet connections through the router, but this bug has numerous others linked to it that deal with pretty much all types of TCP traffic (including HTTPS).

The bug is fixed in 12.3(9.4) and later, so I'm not sure why you're seeing it on 12.3(17a). Try the workaround (apply "ip inspect" to the interface as well) to confirm whether you're hitting this bug.
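What the reply's workaround looks like in IOS configuration, as an added example that is not part of the original thread; the rule names AUDIT-IN and INSPECT-IN, the interface FastEthernet0/0, and the alarm-only actions are assumptions:

```cisco
! Added example (not from the thread): IOS IDS audit rule plus the
! "ip inspect" workaround on the same interface.
! Names AUDIT-IN, INSPECT-IN and FastEthernet0/0 are assumptions.
!
! Audit rule with alarm-only actions for info and attack signatures,
! matching the alarm-only setup the poster describes.
ip audit name AUDIT-IN info action alarm
ip audit name AUDIT-IN attack action alarm
!
! Workaround from the reply: a stateful inspection rule for TCP,
! applied to the interface alongside the audit rule.
ip inspect name INSPECT-IN tcp
!
interface FastEthernet0/0
 description internal LAN
 ip audit AUDIT-IN in
 ip inspect INSPECT-IN in
!
! Checks after applying: HTTPS sessions should now complete, and the
! following should show audit counters and inspected TCP sessions.
! show ip audit statistics
! show ip inspect sessions
```

If HTTPS works with both rules applied and breaks again when the inspect rule is removed, that is the behaviour the linked bug describes.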
