10-26-2017 10:09 AM - edited 03-01-2019 03:09 PM
Topology:
The Cisco ASR with ISG is sitting between the ISP's routeed IP subcribers (on the LAN side) and Internet edge router.
ip subscriber routed
initiator unclassified ip-address
Current state:
When an IP subscriber sends an outbound packet, ISG opens an IP session and allows bidirectional traffic to/from the IP subscriber.
Problem: Downstream access from Internet to an IP subscriber that does not have an open session is not allowed. Example: an IP camera as an IP subscriber that should be reachable from the internet. This IP camera never initiates a session because it never sends the initial packet upstream. Thus it won't be accessible from Internet ever.
Cisco has a bypass downstream traffic command for IPv6 traffic (passthru downstream ipv6) but nothing for IPv4. Any workaround for IPv4 traffic? So I want downstream IPv4 to be allowed regardless of the client session.
Thanks,
Arny
01-23-2018 04:16 AM
01-23-2018 07:44 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide