Low throughput with ip inspect http

lukasmecir
Level 1

Hi all,

I have a problem with ip inspect. I have a Cisco 2811 connected to an 8 Mb/s line with this config (only the important parts):

ip cef
!
!
no ip bootp server
ip domain name cebia.cz
ip name-server 80.95.96.7
ip name-server 80.95.96.11
ip inspect log drop-pkt
ip inspect name cebiaRule ftp
ip inspect name cebiaRule icmp
ip inspect name cebiaRule smtp
ip inspect name cebiaRule https
ip inspect name cebiaRule dns
ip inspect name cebiaRule time
ip inspect name cebiaRule isakmp
ip inspect name cebiaRule ipsec-msft
ip inspect name cebiaRule daytime
ip inspect name cebiaRule ntp
ip inspect name cebiaRule timed
ip inspect name cebiaRule ftps
ip inspect name cebiaRule tcp
ip ips sdf location flash://128MB.sdf
ip ips notify SDEE
ip ips name sdm_ips_rule
<--omitted-->
interface FastEthernet0/0
 description OUTSIDE
 ip address x.x.x.x x.x.x.x
 ip access-group 104 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect cebiaRule out
 ip ips sdm_ips_rule in
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 no mop enabled

Everything is OK, but if I add the command "ip inspect name cebiaRule http" to the config, I get only about 40 kB/s throughput for HTTP; all other protocols are OK. If I use the commands

ip inspect name cebiaRule http java-list 10
access-list 10 permit host y.y.y.y

then HTTP from host y.y.y.y runs at full speed, but from other hosts it is limited to approx. 40 kB/s. It seems I cannot get more than approx. 40 kB/s throughput on this router with ip inspect http active - is that right? Or is there a way to get higher throughput with ip inspect http active? I am not very skilled in ip inspect, so any comment or advice will be highly appreciated. Thanks in advance.

Regards

Lukas Mecir, Albit Technologies

1 Reply

ROBERTO TACCON
Level 4

Hi,

Normally I configure the router without the Java control for the HTTP traffic:

ip inspect name cebiaRule http java-list 10
access-list 10 permit any

Also, in your configuration there is the following rule:

ip inspect name cebiaRule tcp

All the TCP traffic is permitted and inspected (not application inspection), and if you want you can remove the http inspect.

For more information about the application inspection:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_14/gt_email.htm

Regards
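An added example, not part of either post: the three variants of the HTTP line from this thread side by side, followed by the show commands that confirm which inspection path port-80 sessions actually take. Note the trade-off in variant B: "permit any" in the java-list turns Java applet blocking off for every host, so only the stateful tracking of HTTP remains, which is the same coverage the generic tcp entry in variant C already gives. Rule name, interface and ACL number 10 are taken from the posts; nothing else is assumed.

```cisco
! Variant A (the slow setup from the question): full HTTP application
! inspection, so every HTTP response is parsed for Java applets.
ip inspect name cebiaRule http

! Variant B (the reply's workaround): keep the http entry but list every
! host as a "friendly" Java site. Applets are no longer blocked from any
! host, which is what gave host y.y.y.y full speed in the question.
ip inspect name cebiaRule http java-list 10
access-list 10 permit any

! Variant C: remove the http entry. Port-80 sessions are then tracked
! by the generic tcp entry already present in the rule set, without
! the application-layer parsing.
no ip inspect name cebiaRule http
ip inspect name cebiaRule tcp

! The rule set stays applied outbound on the WAN interface, as before.
interface FastEthernet0/0
 ip inspect cebiaRule out

! Check 1: the entries the rule set contains and which ACL java-list uses.
show ip inspect config
show access-lists 10
! Check 2: active sessions. With variant C, port-80 sessions are listed
! under the tcp entry rather than http.
show ip inspect sessions
! Check 3: application inspection is process-switched, so the cost shows
! up as CPU load while a large HTTP download is running.
show processes cpu sorted
```

Run the checks during a download from a host that is not y.y.y.y, since that is the case the question reports as slow.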