Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2185
Views
0
Helpful
0
Replies

IP INSPECT Not working in ISR 4331

ranjit123
Level 3
Level 3

‎01-11-2017 05:37 AM - edited ‎03-05-2019 07:49 AM

Hello All,

We  are migrating from cisco 2811 to ISR 4331 and have IP INSPECT configured on the routers which includes the below config

==========================================

ip inspect name <name >  tcp alert on timeout 1800
ip inspect name <name>  udp alert on timeout 1800

==========================================

Accordingly i referred a link on support forum and below is the config i amended

===================================================================


class-map type inspect match-any FIREOUT
 match protocol tcp 
 match protocol udp
!
policy-map type inspect INTERNET-POLICY
 class type inspect FIREOUT
  inspect
 class class-default
!
zone security inside
 description Bay Network
zone security outside
 description Internet
zone-pair security BAY source inside destination outside
 service-policy type inspect INTERNET-POLICY

///////////interface gig0/0/0///////////
zone-member security inside
///////////interface gig0/0/1//////////
zone-member security outside

======================================================================

Now for TCP and UDP to send alerts on timeout 1800 do i need to configure parameter-map for the same

or any example of the sample configuration that i can refer to

Regards,

Ranjit

2 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card