IOS Firewall/CBAC - Router initiated return packets dropped?

ryang
Level 1

I have configured an IOS router with CBAC/Firewall. I have configured an outbound inspect on the external interface, which adds the appropriate entries for return packets from the internet. And accordingly, I have an inbound ACL on the external interface that denies most traffic inbound.

This works just fine when traffic is initiated by the workstations on the inside network to the internet (through the external interface); the configuration is not much different from most of the examples I have found.

My problem is that connections initiated from the router itself (DNS, telnet, traceroute, etc) do not seem to be caught by the outbound inspect, causing dynamic ACL entries to not be created for inbound data, and the return packets get denied.

Is this normal behavior for CBAC, or am I missing something simple?

Thanks for any input.

2 Replies

Philip D'Ath
VIP Alumni

This is normal behaviour, sorry.

emra
Level 1

Packets with the firewall as the source or destination address are not inspected by CBAC or evaluated by access lists.
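The practical consequence of the two answers is that replies to sessions the router itself originates (DNS lookups, NTP, telnet from the CLI, traceroute) never get a dynamic CBAC entry, so the inbound ACL on the external interface has to permit them statically. The configuration below is an added illustration written for this thread, not the original poster's config and not taken from Cisco documentation; the interface name, the addresses (203.0.113.10 for the outside interface, 203.0.113.53 for the upstream DNS/NTP server) and the ACL/inspect names are assumed. It shows the outbound inspect and inbound ACL the poster describes, plus the narrow static permits that cover router-sourced traffic while leaving everything else denied.

```cisco
! Added example configuration for this thread (assumed names and addresses,
! not the original poster's configuration).
! Assumptions: outside interface GigabitEthernet0/0 = 203.0.113.10/24,
!              inside LAN 192.168.1.0/24, upstream DNS/NTP = 203.0.113.53.
!
! 1. Inspection rule applied outbound on the external interface.
!    CBAC tracks sessions that TRANSIT the router (inside -> internet) and
!    inserts temporary entries in the inbound ACL for their return packets.
!    Sessions sourced from the router itself are never inspected.
ip inspect name OUTBOUND tcp
ip inspect name OUTBOUND udp
ip inspect name OUTBOUND icmp
!
! 2. Inbound ACL on the external interface. With only the final deny, the
!    router's own DNS/telnet/traceroute replies are dropped (the behaviour
!    reported in the question). The static permits are scoped to the
!    router's outside address and to the specific reply types it expects.
ip access-list extended OUTSIDE-IN
 remark --- replies to sessions the ROUTER itself originates ---
 remark CBAC does not open these dynamically, so they are static
 permit udp host 203.0.113.53 eq domain host 203.0.113.10
 permit udp host 203.0.113.53 eq ntp host 203.0.113.10 eq ntp
 permit tcp any eq telnet host 203.0.113.10 established
 permit icmp any host 203.0.113.10 time-exceeded
 permit icmp any host 203.0.113.10 unreachable
 permit icmp any host 203.0.113.10 echo-reply
 remark --- CBAC inserts dynamic entries for transit traffic above this ---
 deny ip any any log
!
interface GigabitEthernet0/0
 description External / internet-facing
 ip address 203.0.113.10 255.255.255.0
 ip access-group OUTSIDE-IN in
 ip inspect OUTBOUND out
!
! 3. Verification from exec mode (not configuration):
!    show ip inspect sessions         -> only transit (inside -> internet)
!                                        sessions appear; a ping or telnet
!                                        sourced from the router does not
!    show ip access-lists OUTSIDE-IN  -> hit counters climb on the static
!                                        permits when the router's own
!                                        lookups and probes get answered
```

Two design points: the static permits name the router's outside address as destination and the upstream server as source wherever the peer is known, so they do not reopen the interface generally; and the `established` keyword on the telnet line only matches segments with ACK or RST set, which is what a reply to a router-initiated TCP session looks like. Traffic sourced from the router with a different source interface or address (for example `ip domain lookup source-interface`) would need its own matching entries.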