I have a 2811 with IOS 12.4(4)T1 ADVANCED IP SERVICES, and after applying CBAC I noticed that the router drops some of the returning traffic that belongs to the same TCP session or UDP flow as the packets that are not dropped. Some packets make it through to the users and some are simply dropped by the inbound ACL... I opened a TAC case, but after 2 weeks they have been unsuccessful in troubleshooting my issue.
I tried to raise the TCP half-open connection threshold, but there were no improvements regarding this problem...
%FW-4-ALERT_ON: getting aggressive, count (213/2000) current 1-min rate: 601
Could a message like the one above be interpreted as meaning that the router has detected a significant number of half-open connections (601 currently), but that it would not start to block that traffic until the half-open connection count reaches 2000? Right? If so, a misconfigured half-open connection threshold could not be the cause of this problem?
Does anyone else have this problem?
Configuration excerpt:
ip inspect max-incomplete high 2000
ip inspect max-incomplete low 1000
ip inspect one-minute low 500
ip inspect one-minute high 600
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 icmp
!
interface fa0/0
! inside interface
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip inspect DEFAULT100 in
!Interface fa0/1
! outside interface
ip address 195.100.100.1 255.255.255.252
ip nat outside
ip access-group 111 in
!Interface loopback 0
ip address 200.200.200.1 255.255.255.248
ip nat inside source list 1 pool NAT_POOL overload
!ip nat pool NAT_POOL 200.200.200.1 200.200.200.1 netmask 255.255.255.248
!access-list 111 deny any any
B.R.
Igor
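Editor's note: the following script is an added example, not part of the post or of any Cisco tool. It parses the %FW-4-ALERT_ON line and the four `ip inspect` threshold commands quoted above and applies the rule Cisco documents for CBAC: the firewall enters aggressive mode (and starts deleting half-open sessions to make room for new ones) when either the number of existing half-open sessions exceeds `max-incomplete high` or the one-minute rate of new connection attempts exceeds `one-minute high`, and it leaves aggressive mode only when the corresponding value drops below the matching `low` mark. The boundary handling (strictly greater than the high mark) is an assumption based on the wording "exceeds" in the documentation. Running it against the posted values shows which of the two thresholds the alert corresponds to, which is the first thing to establish before deciding whether the thresholds are involved in sessions losing their dynamic ACL entries.

```python
import re
from typing import Dict, List

# Syslog line quoted from the post (not constructed).
ALERT_LINE = "%FW-4-ALERT_ON: getting aggressive, count (213/2000) current 1-min rate: 601"

# Threshold commands quoted from the post's configuration excerpt (not constructed).
CONFIG_EXCERPT = """
ip inspect max-incomplete high 2000
ip inspect max-incomplete low 1000
ip inspect one-minute low 500
ip inspect one-minute high 600
"""

ALERT_RE = re.compile(
    r"%FW-4-ALERT_ON: getting aggressive, "
    r"count \((?P<half_open>\d+)/(?P<high>\d+)\) current 1-min rate: (?P<rate>\d+)"
)
THRESHOLD_RE = re.compile(
    r"^\s*ip inspect (max-incomplete|one-minute) (high|low) (\d+)", re.MULTILINE
)


def parse_alert(line: str) -> Dict[str, int]:
    """Extract the three counters carried by a %FW-4-ALERT_ON message.

    half_open           - existing half-open sessions at the moment of the alert
    max_incomplete_high - the configured max-incomplete high mark echoed in the message
    one_min_rate        - new connection attempts seen in the last minute
    """
    m = ALERT_RE.search(line)
    if m is None:
        raise ValueError("not a %FW-4-ALERT_ON message: " + line)
    return {
        "half_open": int(m["half_open"]),
        "max_incomplete_high": int(m["high"]),
        "one_min_rate": int(m["rate"]),
    }


def parse_thresholds(config: str) -> Dict[str, int]:
    """Collect the four CBAC threshold commands into a dict keyed like
    'max-incomplete high' / 'one-minute low'."""
    thresholds: Dict[str, int] = {}
    for kind, level, value in THRESHOLD_RE.findall(config):
        thresholds[f"{kind} {level}"] = int(value)
    missing = {"max-incomplete high", "max-incomplete low",
               "one-minute high", "one-minute low"} - thresholds.keys()
    if missing:
        raise ValueError("threshold commands not found in config: " + ", ".join(sorted(missing)))
    return thresholds


def evaluate(alert: Dict[str, int], thresholds: Dict[str, int]) -> Dict[str, object]:
    """Apply the documented CBAC rule and report which threshold(s) put the
    firewall into aggressive mode and what has to happen for it to clear.

    Assumption: 'exceeds' means strictly greater than the high mark."""
    if alert["max_incomplete_high"] != thresholds["max-incomplete high"]:
        # The message echoes the high mark in force when it was logged; a mismatch
        # means the running config changed after the alert and the two do not belong together.
        raise ValueError("alert was logged under a different max-incomplete high setting")

    triggered: List[str] = []
    if alert["half_open"] > thresholds["max-incomplete high"]:
        triggered.append("max-incomplete")
    if alert["one_min_rate"] > thresholds["one-minute high"]:
        triggered.append("one-minute")

    low_marks = {
        "max-incomplete": thresholds["max-incomplete low"],
        "one-minute": thresholds["one-minute low"],
    }
    return {
        "aggressive": bool(triggered),
        "triggered_by": triggered,
        # Aggressive mode ends when the triggering value falls below its low mark.
        "clears_when_below": {name: low_marks[name] for name in triggered},
    }


if __name__ == "__main__":
    result = evaluate(parse_alert(ALERT_LINE), parse_thresholds(CONFIG_EXCERPT))
    print(result)
```

For the posted line the result reports aggressive mode triggered by the one-minute rate (601 against a high mark of 600), not by the half-open count (213 against 2000), and that it clears only once the one-minute rate drops below 500. Because ACL 111 on the outside interface denies everything, any packet whose session is not currently tracked by CBAC is dropped there, so the next step on such a router is to compare `show ip inspect sessions` output against the dropped flows while the router is and is not in aggressive mode.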