02-15-2009 07:58 PM - edited 03-11-2019 07:50 AM
Can Cisco2821 and Cisco2811 routers support Stateful Packet Inspection. If yes, how to configure it? If No, kindly provide supporting documents/links etc.
Thanks and Regards,
Ashish
02-16-2009 03:10 AM
Dear All,
I found that SPI is configurable on Cisco2821 router. Could you let me know:
Is Statefull Packet Inspection (SPI) and CBAC (Context Based Access Control) are one and the same thing?
Regards
02-19-2009 08:53 PM
02-22-2009 04:57 AM
you will have to replace the "echo-reply" with "echo" in access-list 100 for a start, without which you will not be able to initiate a ping from unprotected networks.
and permit for ftp-data 20 , i don't think it's required as you are inspecting ftp connections originating from your protected network. Rest everything looks fine.
02-22-2009 10:44 PM
Hi Vikram,
Is the application of the ACL and the Inspection rule on the Outside and Inside interfaces respectively in inbound direction, correct ?
Thanks,
Ashish
02-23-2009 12:09 AM
Hi Ashish,
The directions are correct, the inspections configured inbound are going to punch holes in the ACL 100 to accomodate the return traffic.
Vikram
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide