02-06-2009 07:33 AM - edited 03-11-2019 07:47 AM
I have a 2811 router with IP Inspect enabled for Ingress traffic but it is quite generic:
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall icmp
ip inspect name firewall dns
int Serial1/1
ip inspect firewall out
Inspection name firewall
tcp alert is on audit-trail is off timeout 3600
udp alert is on audit-trail is off timeout 30
icmp alert is on audit-trail is off timeout 10
dns alert is on audit-trail is off timeout 30
I have an application that connects outbound that keeps timing out. It uses a specific TCP port. I'd like to increase this TCP port's timeout period, but keep the other TCP ports at the default.
Is this possible?
Router(config)#ip inspect name firewall tcp ?
alert Turn on/off alert
audit-trail Turn on/off audit trail
router-traffic Enable inspection of sessions to/from the router
timeout Specify the inactivity timeout time
<cr>
02-12-2009 06:38 AM
This is the syntax for CBAC.
ip inspect name inspection-name protocol [timeout seconds]
ip inspect one-minute high
ip inspect max-incomplete high
ip inspect tcp max-incomplete host
02-12-2009 07:22 AM
It looks like I can only do that command for specific protocols though, not for a TCP or UDP port not already defined (like H323), or the entire TCP or UDP port realm.