ip inspect name - Router interface does not get IP from ISP

mahesh18
Level 6

Hi all,

My router interface gets its IP from the ISP modem.

The router interface has the command:

ip address dhcp

I applied an ACL to deny all incoming traffic to router interface fa0/0, which connects to the ISP.

I have applied CBAC on the router and currently allow this traffic to go outside:

ip inspect name REMEMBER tcp
ip inspect name REMEMBER udp
ip inspect name REMEMBER icmp
ip inspect name REMEMBER dns
ip inspect name REMEMBER ntp
ip inspect name REMEMBER bootps
ip inspect name REMEMBER bootpc

I need to know which inspect I should allow so that the router can get the IP, DNS and gateway address from the ISP.

If I need to access HTTP or HTTPS websites, do I need to add the inspect for http or https?

Also, am I missing something under inspection to allow traffic from the inside?

Thanks

Mahesh

Message was edited by: mahesh parmar

Accepted Solution

cadet alain
VIP Alumni

Hi,

Add this to your config, because by default CBAC won't inspect traffic generated by the router:

ip inspect name REMEMBER dns router-traffic
ip inspect name REMEMBER ntp router-traffic
ip inspect name REMEMBER bootps router-traffic
ip inspect name REMEMBER bootpc router-traffic

Regards

Alain

Don't forget to rate helpful posts.


4 Replies


Hi Alain,

I will test this today and will update you.

Regards

Mahesh

Hi Alain,

It seems my router has no option for router-traffic:

ip inspect name REMEMBER bootpc ?
  alert        Turn on/off alert
  audit-trail  Turn on/off audit trail
  timeout      Specify the inactivity timeout time

But I applied an ACL on the inside to allow

permit udp any any eq bootpc

and that fixed the issue.

Many thanks for answering the questions and letting me know about the router-traffic option.

Regards

Mahesh
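The following is an added example, not configuration from this thread or from Cisco; it puts the accepted answer (the router-traffic keyword) and the ACL workaround from the post above into one complete CBAC setup. Interface names (FastEthernet0/0 toward the ISP), the ACL name OUTSIDE-IN and the choice of which protocols to inspect are assumptions; the inspect name REMEMBER is the one used in the thread.

```cisco
! Added example (not from the thread). Assumes FastEthernet0/0 faces the ISP
! modem and obtains its address with "ip address dhcp".
!
! 1. Inspection rule. IOS documents the router-traffic keyword for the tcp and
!    udp inspection types; it makes CBAC track sessions the router itself
!    originates, so replies to the router's own DNS and NTP queries are
!    admitted dynamically instead of needing static ACL holes.
ip inspect name REMEMBER tcp router-traffic
ip inspect name REMEMBER udp router-traffic
ip inspect name REMEMBER icmp
ip inspect name REMEMBER http
ip inspect name REMEMBER dns
ip inspect name REMEMBER ntp
!
! 2. Inbound ACL on the ISP interface. The static DHCP entry is the fallback
!    the thread ended up with for images whose "ip inspect" has no
!    router-traffic option. It is deliberately narrower than
!    "permit udp any any eq bootpc": only server-to-client messages
!    (UDP 67 -> 68) are admitted. DHCP offers are often sent to the broadcast
!    address rather than back to the DISCOVER's source, so this static entry
!    is the reliable way to let the router complete DHCP regardless of
!    router-traffic support. The final deny is logged so blocked inbound
!    traffic is visible in syslog.
ip access-list extended OUTSIDE-IN
 permit udp any eq bootps any eq bootpc
 deny   ip any any log
!
! 3. Bind both to the ISP interface: inspect what leaves toward the ISP,
!    filter what comes back. CBAC inserts its dynamic entries ahead of the
!    inbound ACL on this interface.
interface FastEthernet0/0
 ip address dhcp
 ip access-group OUTSIDE-IN in
 ip inspect REMEMBER out
!
! 4. Verification commands: open sessions CBAC is tracking, and the ACL hit
!    counters (a climbing count on the logged deny line shows what is still
!    being dropped).
! show ip inspect sessions
! show ip access-lists OUTSIDE-IN
```

The logged deny is what to watch after enabling this: if the router still fails to obtain a lease, the dropped DHCP reply shows up there with its source port, which tells you whether the static entry or the inspection rule needs adjusting.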

Hi,

Don't forget the DNS and the NTP traffic too, as you mentioned in your first post.

There's also a router trick to make CBAC take this router-generated traffic into account: make it transit traffic by sending it to a loopback interface with local PBR.

Regards

Alain

Don't forget to rate helpful posts.
