IP INSPECT Problems

dukenukem
Level 1

Hi All,

I would like some light into the weird behaviour of IP INSPECT.

Here is my setup:

I have 3 sites, each having its own Router

Site A cisco 1721

Site B cisco 3745

Site C cisco 1721

B is the main Router, and A and C are connected to it with FR-ATM as I am showing in the attached document.

Please Note that the 3745 is connected to the other sites with ATM subinterfaces.

I have inherited this configuration, and I am sure that the IP Inspect statements are a bit messy.

There are ACLs applied IN and OUT on the internet interface (obviously for protection) and also the IP INSPECT STOP OUT statement, which says:

ip inspect name STOP tcp
ip inspect name STOP ftp
ip inspect name STOP h323
ip inspect name STOP rcmd
ip inspect name STOP netshow
ip inspect name STOP realaudio
ip inspect name STOP rtsp
ip inspect name STOP sqlnet
ip inspect name STOP streamworks
ip inspect name STOP tftp
ip inspect name STOP udp
ip inspect name STOP vdolive
ip inspect name STOP smtp
ip audit notify log
ip audit po max-events 100

The ACL that is APPLIED INWARDS is:

ip access-list extended IN_ACL
permit tcp host 10.189.31.61 host 10.189.10.114
permit tcp host 10.189.31.61 host 10.51.22.6
permit udp host 10.189.10.113 host 10.189.10.114 eq isakmp
permit ahp host 10.189.10.113 host 10.189.10.114
permit esp host 10.189.10.113 host 10.189.10.114
permit icmp host 10.189.10.113 host 10.189.10.114
permit tcp host 10.189.51.23 host 10.51.11.2 eq 7777
permit tcp host 10.189.51.23 host 10.51.11.2 eq 4443
deny ip any any

The ACL applied OUTWARDS is:

ip access-list extended OUT_ACL
permit tcp host 10.51.22.6 eq telnet host 10.189.31.61
permit tcp host 10.51.11.2 eq 4443 host 10.189.51.23
permit tcp host 10.51.22.6 host 10.189.31.147 eq www
permit tcp host 10.51.22.6 host 10.189.31.148 eq www
permit tcp host 10.51.22.6 host 10.189.31.131 eq www
permit tcp host 10.51.22.6 host 10.189.31.132 eq www
permit tcp host 10.51.22.6 host 10.189.31.99 eq www
permit tcp host 10.51.22.6 host 10.189.31.115 eq www
permit tcp host 10.51.22.6 host 10.189.31.116 eq www
permit tcp 10.51.0.0 0.0.255.255 host 10.189.31.115 eq pop3
permit tcp 10.51.0.0 0.0.255.255 host 10.189.31.116 eq pop3
permit tcp 10.51.0.0 0.0.255.255 host 10.189.31.115 eq smtp
permit tcp 10.51.0.0 0.0.255.255 host 10.189.31.116 eq smtp
permit tcp 10.51.0.0 0.0.255.255 host 10.189.31.195 eq ftp
permit tcp 10.51.0.0 0.0.255.255 host 10.189.31.195 eq ftp-data
permit tcp 10.51.0.0 0.0.255.255 host 10.189.31.115 eq 389
permit tcp 10.51.0.0 0.0.255.255 host 10.189.31.116 eq 389
permit udp 10.51.0.0 0.0.255.255 host 10.189.31.163 eq domain
permit tcp host 10.51.22.131 host 10.189.31.83 eq 1352
permit tcp host 10.51.22.131 host 10.189.31.84 eq 1352
permit tcp host 10.51.22.137 host 10.189.31.83 eq 1352
permit tcp host 10.51.22.137 host 10.189.31.84 eq 1352
deny ip any any

With the current setup we had all sorts of weird things going on (not working, I mean).

The only way to get things to work normally is to apply an IP INSPECT STOP OUT on every ATM subinterface on the 3745 router, and also apply IP INSPECT STOP OUT on the LAN of the 3745.

By doing this, I can get things to work.

One thing that does not work is trying to access a server using a UNC path (\\servername) or even (\\IP_Address) located on the Site C LAN from a PC at Site A (no ACLs or IP INSPECTs are applied on the Site A and C routers).

From LAN B to the server on LAN C it is working.

From the server on LAN C to machines on LAN B or LAN A it is working.

If I remove the IP INSPECT commands on the Site A and Site B ATM subints, UNC works properly, but then Remote Desktop does not work.

What I would like to know is how IP inspect is affecting this, and, on a scale from 0 to 10, how effective this IP INSPECT configuration is (I believe it is 0).

I hope I did not bore you.

Hope you can help me out.

Thanks,

George
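As an added example (not code from the post or from the Cisco guide), the following small Python evaluator walks the two ACLs quoted above, trimmed to a few of their entries, first-match as IOS does, and shows why the inbound ACL only works together with `ip inspect ... out`: the reply to a session OUT_ACL permits is caught by IN_ACL's final `deny ip any any` unless the inspection engine tracked the outgoing session and opened a temporary entry for its return traffic. It assumes IOS's standard numbers for the named ports and uses a constructed ephemeral source port.

```python
import ipaddress

# Standard numbers for the named ports in the post's ACLs (assumption: IOS defaults).
PORTS = {"telnet": 23, "www": 80, "pop3": 110, "smtp": 25, "ftp": 21,
         "ftp-data": 20, "domain": 53, "isakmp": 500}

# Entries copied from the post's OUT_ACL / IN_ACL, trimmed to those this example exercises.
OUT_ACL = ["permit tcp host 10.51.22.6 eq telnet host 10.189.31.61",
           "permit tcp host 10.51.22.6 host 10.189.31.147 eq www",
           "permit tcp 10.51.0.0 0.0.255.255 host 10.189.31.115 eq smtp",
           "deny ip any any"]
IN_ACL = ["permit tcp host 10.189.31.61 host 10.189.10.114",
          "permit udp host 10.189.10.113 host 10.189.10.114 eq isakmp",
          "deny ip any any"]

def _endpoint(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD' and an optional 'eq PORT' from tokens."""
    t = tokens.pop(0)
    if t == "any":
        net = ipaddress.ip_network("0.0.0.0/0")
    elif t == "host":
        net = ipaddress.ip_network(tokens.pop(0) + "/32")
    else:  # IOS wildcard mask; ipaddress accepts it as a host mask (0.0.255.255 -> /16)
        net = ipaddress.ip_network(f"{t}/{tokens.pop(0)}")
    port = None
    if tokens and tokens[0] == "eq":
        port = PORTS.get(tokens[1]) or int(tokens[1])
        del tokens[:2]
    return net, port

def evaluate(acl, proto, src, sport, dst, dport):
    """First-match walk of the ACL as IOS does it; implicit deny if nothing matches."""
    for ace in acl:
        action, p, *rest = ace.split()
        snet, sp = _endpoint(rest)
        dnet, dp = _endpoint(rest)
        if p not in ("ip", proto) or sp not in (None, sport) or dp not in (None, dport):
            continue
        if ipaddress.ip_address(src) not in snet or ipaddress.ip_address(dst) not in dnet:
            continue
        return action
    return "deny"

def reply_allowed(proto, src, sport, dst, dport, inspected):
    """Reply to an outbound session gets back in only if IN_ACL permits it statically
    or if CBAC (ip inspect ... out) saw the session leave and opened a temporary entry."""
    if evaluate(OUT_ACL, proto, src, sport, dst, dport) != "permit":
        return False  # the session never left, so there is nothing for inspection to track
    # A dynamic CBAC entry bypasses the static inbound ACL; otherwise the reverse flow must match it.
    return inspected or evaluate(IN_ACL, proto, dst, dport, src, sport) == "permit"
```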


b.hsu
Level 5

Perform these steps to configure firewall inspection rules for all TCP and UDP traffic, as well as specific application protocols as defined by the security policy, beginning in global configuration mode:

http://www.cisco.com/en/US/products/ps5853/products_configuration_guide_chapter09186a0080458303.html