774 Views, 0 Helpful, 3 Replies

IOS CBAC

hussamchawa
Level 1

Can CBAC work on a router that has a firewall running PAT behind it? Or maybe CBAC is not necessary since we have a firewall in place.

3 Replies

s-doyle
Level 3

I think it’s probably overkill and likely to create more problems than what it’s worth. Check the integrity of your existing solution. If it meets your security policy and you’re happy with its performance and reliability, stick with that. If not, you might want to consider replacing it with the IOS Firewall feature set.

mtashiro
Level 1

This does work, however, keep in mind the load you can put on your router. We have seen performance issues using a 2620 and CBAC. You may want to consider using a 2650 if you do decide to use CBAC and traffic is high.

It may be better if you use an access-list on the border router and let the firewall catch everything else.

CBAC can expose a few unexpected problems. In one case a badly-behaved NT workstation spewed DNS lookups and exceeded the threshold set for maximum sessions per minute, effectively shutting down the interface. In another case we found old NCD X-terminals using TFTP to boot didn't set up their UDP port numbers correctly, and the "inspect name tftp" statement prevented their TFTP requests from reaching a server.
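The two approaches discussed in the replies above, written out as an added configuration example that is not from the original thread or from any poster: a border router running CBAC in front of a PAT firewall, including the half-open session thresholds and the tftp inspection statement mentioned in the last reply, followed by the simpler ACL-only alternative. Interface names, addresses, the inspection rule name "CBAC" and the threshold values are assumptions chosen for illustration; adjust them to the actual topology and security policy.

```cisco
! ---- Option 1: CBAC on the border router (added example, assumed topology) ----
!
! Half-open session thresholds. CBAC counts a session as half-open until it
! sees the return traffic (SYN/ACK for TCP, any reply for UDP). The one-minute
! counters are global for the router: once the "high" value is crossed, CBAC
! starts deleting half-open sessions until the count drops to "low". A host
! firing off unanswered DNS queries in a tight loop drives this counter just
! as a SYN flood would, which is the failure mode the last reply describes.
ip inspect max-incomplete high 500
ip inspect max-incomplete low 400
ip inspect one-minute high 500
ip inspect one-minute low 400
ip inspect udp idle-time 30
ip inspect dns-timeout 5
!
! Inspection rule: generic tcp and udp state tracking, plus protocol-aware
! tftp. The tftp inspector expects the RFC 1350 port convention: the client
! sends the request from an ephemeral port to UDP/69 and the server answers
! from a new ephemeral port back to the client's original port. A client that
! deviates from that convention has its transfer dropped by the inspector,
! which matches the X-terminal problem reported above.
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC tftp
!
! Outside interface: inspect traffic leaving toward the Internet so CBAC
! opens temporary return entries, and block everything else inbound.
interface Serial0/0
 description Internet uplink (assumed)
 ip address 203.0.113.2 255.255.255.252
 ip access-group 101 in
 ip inspect CBAC out
!
! Inside interface toward the PAT firewall's outside address (assumed).
interface FastEthernet0/0
 description Link to firewall outside interface (assumed 192.0.2.0/29)
 ip address 192.0.2.1 255.255.255.248
!
! Inbound ACL on the uplink. CBAC inserts its temporary permit entries ahead
! of this list for return traffic of inspected sessions, so nothing that was
! not initiated from inside gets through except the ICMP listed here.
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 deny   ip any any log
!
! ---- Option 2: ACL only, let the firewall do stateful work (assumed) ----
!
! Remove the inspection from the uplink and keep a plain anti-spoofing and
! bogon filter; the PAT firewall behind the router tracks sessions instead.
! This is the lighter load recommended for small routers such as the 2620.
interface Serial0/0
 no ip inspect CBAC out
 ip access-group 102 in
!
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip 192.0.2.0 0.0.0.7 any
access-list 102 permit ip any host 192.0.2.2
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any unreachable
access-list 102 permit icmp any any time-exceeded
access-list 102 deny   ip any any log
```

After applying Option 1, `show ip inspect sessions` and `show ip inspect config` confirm which sessions the router is tracking and the thresholds in force; a host that keeps tripping the one-minute high mark shows up there as a pile of half-open UDP entries before the interface appears to "go dead". In Option 2 the line `permit ip any host 192.0.2.2` assumes the firewall's outside (PAT) address is 192.0.2.2; the firewall, not the router, then decides which inbound sessions are legitimate.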