09-02-2009 09:56 AM - edited 03-04-2019 05:55 AM
We have a Cisco 1811W router for our gateway to the Internet. I just setup McAfee Groupshield on a new Exchange server. When I tried to run updates, they would fail. It uses HTTP over port 80 to download the updates. The updates would start to download and the progress bar would show the percentage of the file downloaded. After about 15 - 20 seconds, the percentage stopped. After about 45 minutes, it would finally fail (still at the same percentage downloaded).
I bypassed the router and directly connected to the Internet, and the update works fine. I recently had problems with some Exchange emails getting blocked at the firewall. I went into the Firewall | Application Security and turned off inspection on ESMTP and SMTP and that solved the problem. The router is setup to inspect TCP and UDP. I think that might be part of the problem, but I don't know what to change.
Has anyone had this problem or know how to fix it? I don't know a lot about routers, so if I am way off, let me know.
Thanks,
Jason
Here is some of the configuration of the router
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
ip subnet-zero
ip cef
!
!
ip domain name yourdomain.com
ip name-server 161.164.20.201
ip name-server 151.164.67.201
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip ips po max-events 100
no ftp-server write-enable
!
09-02-2009 10:00 AM
I don't see an inspect for http traffic. You might try adding:
ip inspect name SDM_LOW http
HTH,
John
09-03-2009 10:54 AM
Thanks for the response. I added the line and it still hangs.
09-03-2009 07:10 PM
Post entire config please.
09-04-2009 06:18 AM
11-16-2009 08:00 AM
SOLVED - I upgraded to IOS 12.4(15)T11 and it works. I think there was a bug in the code for Inspect commands.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide