Cisco IOS Firewall Issues with Windows Update

- V
- VeeDub
  
  Contact options for registered users
posted
17 years ago

Sun, Jan 21, 2007 2:38 PM

I have implement a "deny any any" ACL on my outside interface of a 1841 using the Cisco IOS. On the inside interface I have applied an "ip inspect" statement to enable CBAC stateful inspection for the specified protocols including HTTP, HTTPS and FTP. Now using Windows Update I can browse to the site and view my required downloads but when I start the download nothing download loads. This only started happeing after apply the ACL and inpsect statement. Can anyone tell me what I need to do further on the inspect statement to allow Windows Update to download its updates?

Thanks

Loading thread data ...

- B
- Bod43
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Sun, Jan 21, 2007 10:45 PM

I don't know how windows updates works and this may not be the issue however the inspect "http" statement is in my view missleadingly named.

When you configure "inspect http" you block all java traffic. It might have been better called "inspect http-block-java" but it is not.

It is possible to confgure an access-list in some way to allow java from particular ip addresses. I forget the syntax. should be easy to look up.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.