We have a Cisco 2621 XM internet router and a PIX 515E firewall. In the past we had an issue with not being able to access a certain web site correctly - turned out it was caused by a statement in the router that should not have been there - 'ip inspect http'. I am told this blocks java in some way. We removed that, along with an access list and then it worked fine. Fast forward a couple years and all of a sudden our internet started to crawl - that is the few sites that would come up at all would crawl. No changes to the router and the ISP claims no other issues or changes on their end. After many hours of troubleshooting we removed two statements from the router - 'ip inspect ETHERNET in' and from the serial port 'access-group SERIAL_IN'. As soon as we removed these lines - bingo - the internet started working and has now worked for 6 hours. My questions are:
- Any idea why removing these statements after years of seeminly normal operation would fix the problem that only 2 days ago manifested itself?
- If the PIX firewall is correctly configured - is there any need for ip inspect statements in the internet router at all? There are still a bunch of other ip inspectseemingly statements in the config. From what I read it sounds like they are used for firewall purposes only.
Thanks for any info! I know little more about Cisco routers than your average NFL running back. Yeah - that means very little.