Cisco IOS Firewall Issues with Windows Update


I have implement a "deny any any" ACL on my outside interface of a 1841 using the Cisco IOS. On the inside interface I have applied an "ip inspect" statement to enable CBAC stateful inspection for the specified protocols including HTTP, HTTPS and FTP. Now using Windows Update I can browse to the site and view my required downloads but when I start the download nothing download loads. This only started happeing after apply the ACL and inpsect statement. Can anyone tell me what I need to do further on the inspect statement to allow Windows Update to download its updates?


Reply to
Loading thread data ...

I don't know how windows updates works and this may not be the issue however the inspect "http" statement is in my view missleadingly named.

When you configure "inspect http" you block all java traffic. It might have been better called "inspect http-block-java" but it is not.

It is possible to confgure an access-list in some way to allow java from particular ip addresses. I forget the syntax. should be easy to look up.

Reply to
Bod43 Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.