2621XM - np ip inspect causes failure - Cabling-Design.com Forums

- C
- Chris
  
  Contact options for registered users
posted
18 years ago

Tue, Dec 13, 2005 3:36 PM

We are having a problem with browsing a particular web site - half of the packets are dropped and it takes a long time to load the page. The site is good, and we have no problems with any other sites. As a troubleshooting step the tech from the ISP had me enter the command NO IP INSPECT ETHERNET - to stop filtering on the ethernet level. When we do this the internet goes down. We can still ping outside IP's - but no browsing. I am not a Cisco pro, but I am being told this should not happen. Any ideas or has anyone had this happen before? The config has been looked at by a couple people and nothing stands out to them. IOS ver 12.3(3a). Thanks!

Chris.

- M
- Merv
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Tue, Dec 13, 2005 4:45 PM

There are quite a few CBAC bugs that have been fixed in higher 12.3 releases so you might want to try upgrading the IOS version being sued

- C
- Chris
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Wed, Dec 14, 2005 4:04 AM

Problem was fixed. Apparently if you have an access list, you have to remove that before removing IP inspect. The problem in our config was the ip inspect http. The word from Cisco is that many people use that command incorrectly to inspect web traffic, when it really blocks some java functions. Who knew?

Chris.

- A
- anybody43
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Wed, Dec 14, 2005 2:22 PM

Is this what you want?

ip inspect name any-name http

When applied to an interface:-

turns on java blocking

Obviously!