Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
340
Views
0
Helpful
2
Replies

IP inspect feature general question

tscaon001
Level 1
Level 1

‎05-12-2016 11:59 PM - edited ‎03-12-2019 12:44 AM

Hello all,

I have seen that the ip inspect feature sends sometimes some RST packets. I would like to know if it was possible to keep the ip inspect feature enabled and doing its job but without sending the RST packets. I do not have the customer's configuration but it is just a theoretical question.

Do not hesitate to come back to me if you need further information. Thanks in advance for the help !

Best regards,

Thomas

Labels:
0 Helpful
2 Replies 2

Maykol Rojas
Cisco Employee
Cisco Employee

‎05-13-2016 06:09 AM

Hello; 

This can only be done for the following scenarios:

If traffic is being denied by an ACL. 

If AAA denies the traffic

If the packets that come, do not belong to an existing connection. 

I have not seen an specific case where the inspection sends a RST packet (it does not mean it doesnt happen), which inspection feature is sending you the reset? 

Mike. 

Mike
0 Helpful

Paul Chapman
Level 4
Level 4
In response to Maykol Rojas

‎05-15-2016 09:45 AM

Hi -

Some inspections permit you to modify their behavior and some don't.

For example the default ESMTP inspection will cause the connection to drop if the mail servers do not establish a TLS session.  This behavior can be modified or turned off.

Conversely, ICMP inspection cannot be modified. Just enabled or disabled.

PSC

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card