Slow response to internet & CBAC - "ip inspect name <inspect-name> http"

pmcdermond
Level 1

If you configure the "ip inspect name <inspection-name> http" command globally on a router with firewall IOS software but do not configure a standard access-list, websites accessed with embedded Java applets, that are blocked, become extremely slow to access through the internet. My questions:

1.) Could someone explain why this occurs to me in more detail?

2.) Do you recommend using this command?

3a.) Could someone provide a list of hostile (Java applet) addresses to block (if this general list exists) to help create a std ACL to use with the "ip inspect name (http)" command?

3b.) Could someone provide a list of friendly (Java applet) addresses to permit (if such a general list exists) to help create a std ACL to use with the "ip inspect name (http)" command?

2 Replies

a-vazquez
Level 6

I think your question is contradictory. The access list is configured to block hostile addresses. Since you have not configured one, how do you say it's blocked?

Because no standard access-list was configured, I thought the "implicit deny all" rule applied but maybe that was not the case. Regardless, I am most curious to find out why some websites accessed took 30-40 seconds to load with the "ip inspect name http" command configured but were immediately accessible once the command was removed.