ip inspect

Guys,

Need your help with ip inspect ...
Here is my minilab config and it makes sense:

R3#sh access-lists
Extended IP access list R3O
permit tcp host 1.1.1.1 eq telnet host 3.3.45.4 eq 11001 (6 matches)
10 permit tcp any any eq bgp (31 matches)
20 permit tcp any eq bgp any (370 matches)
30 permit eigrp any any (2223 matches)
40 permit icmp any any (35 matches)
1000 deny ip any any log (53 matches)
R3#
R3#sh ip inspect sessions
Established Sessions
Session 83E81F2C (3.3.45.4:11001)=>(1.1.1.1:23) tcp SIS_OPEN
R3#
interface FastEthernet0/0
 ip address 3.3.73.3 255.255.255.0
 ip access-group R3O out
 ip inspect TL in
 duplex auto
 speed auto
end

Cisco website ... I don't understand:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i2.html#wp1011411

The following example applies a set of inspection rules named "outboundrules" to an external interface's outbound traffic. This causes inbound IP traffic to be permitted only if the traffic is part of an existing session, and to be denied if the traffic is not part of an existing session.

interface serial0
 ip inspect MY-INSPECT_RULE out

Thx.

Comments

  • I understand it to mean that if you apply the inspect rule with the direction set to out, then this router will "inspect" all outbound connections and record them. For each connection that was recorded, the router would create a permit clause which reverses the recorded source and destination addresses and ports. The clause would be applied at the top of the inbound ACL. As a result, all of the return traffic will be permitted.
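To make the mechanism described in the thread concrete, here is a small Python model of how an inspect rule and an interface ACL interact. It is an added illustration written for this page, not Cisco code, and it reproduces only the point under discussion: an inspected connection yields a temporary reverse-direction permit entry at the top of the ACL applied in the opposite direction on the same interface, and the entry goes away when the session ends. That layout covers both the Cisco doc example (inspect out, ACL in) and R3's Fa0/0 (inspect TL in, ACL R3O out). The ACL contents and addresses come from the output pasted in the question; the inspect rule TL is assumed to be `ip inspect name TL tcp`, which the post does not show. The stray return packet to port 11002 is constructed for the example.

```python
"""Toy model of Cisco IOS CBAC ("ip inspect") beside an interface ACL.

Added example for this thread, not Cisco code. Real CBAC also tracks TCP
state, idle timeouts and per-protocol details; this keeps only the ACL part.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

ANY = None  # wildcard for an address or port field


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class ACE:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" covers every protocol, as in IOS
    src: Optional[str] = ANY
    sport: Optional[int] = ANY
    dst: Optional[str] = ANY
    dport: Optional[int] = ANY

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        fields = ((self.src, p.src), (self.sport, p.sport),
                  (self.dst, p.dst), (self.dport, p.dport))
        return all(want is ANY or want == got for want, got in fields)


class ACL:
    """Ordered ACEs; the entries CBAC inserts sit above the configured ones."""

    def __init__(self, name: str, aces: List[ACE]):
        self.name = name
        self.dynamic: List[ACE] = []
        self.static: List[ACE] = list(aces)

    def evaluate(self, p: Packet) -> str:
        for ace in self.dynamic + self.static:
            if ace.matches(p):
                return ace.action
        return "deny"  # implicit deny at the end of every IOS ACL


class InspectedInterface:
    """One interface: an ACL in one direction, an inspect rule in the other."""

    def __init__(self, acl: ACL, acl_dir: str, inspect_dir: str, inspected: List[str]):
        assert acl_dir != inspect_dir, "model covers only the opposite-direction layout"
        self.acl, self.acl_dir, self.inspect_dir = acl, acl_dir, inspect_dir
        self.inspected = set(inspected)        # protocols named in the inspect rule
        self.sessions: Dict[Packet, ACE] = {}  # initiator 5-tuple -> reverse ACE

    def forward(self, p: Packet, direction: str) -> str:
        """Return 'permit' or 'deny' for a packet crossing the interface."""
        if direction == self.acl_dir:
            return self.acl.evaluate(p)
        # Inspect direction has no ACL here, so the packet passes; CBAC records
        # inspected protocols and opens the return path through the ACL.
        if p.proto in self.inspected and p not in self.sessions:
            reverse = ACE("permit", p.proto, src=p.dst, sport=p.dport,
                          dst=p.src, dport=p.sport)
            self.sessions[p] = reverse
            self.acl.dynamic.insert(0, reverse)   # lands above the numbered ACEs
        return "permit"

    def close_session(self, p: Packet) -> None:
        """Session ended (FIN/RST or idle timeout): remove the temporary ACE."""
        self.acl.dynamic.remove(self.sessions.pop(p))

    def show_ip_inspect_sessions(self) -> List[str]:
        return [f"({p.src}:{p.sport})=>({p.dst}:{p.dport}) {p.proto} SIS_OPEN"
                for p in self.sessions]


def build_r3() -> InspectedInterface:
    """Fa0/0 from the question: 'ip access-group R3O out', 'ip inspect TL in'."""
    r3o = ACL("R3O", [
        ACE("permit", "tcp", dport=179),  # 10 permit tcp any any eq bgp
        ACE("permit", "tcp", sport=179),  # 20 permit tcp any eq bgp any
        ACE("permit", "eigrp"),           # 30 permit eigrp any any
        ACE("permit", "icmp"),            # 40 permit icmp any any
        ACE("deny", "ip"),                # 1000 deny ip any any log
    ])
    return InspectedInterface(r3o, acl_dir="out", inspect_dir="in", inspected=["tcp"])


def demo() -> Dict[str, str]:
    fa0 = build_r3()
    telnet = Packet("tcp", "3.3.45.4", 11001, "1.1.1.1", 23)
    reply = Packet("tcp", "1.1.1.1", 23, "3.3.45.4", 11001)
    stray = Packet("tcp", "1.1.1.1", 23, "3.3.45.4", 11002)  # constructed, no session
    r = {"telnet in": fa0.forward(telnet, "in")}
    r["sessions"] = "; ".join(fa0.show_ip_inspect_sessions())
    r["return out"] = fa0.forward(reply, "out")
    r["unsolicited out"] = fa0.forward(stray, "out")
    fa0.close_session(telnet)
    r["return after close"] = fa0.forward(reply, "out")
    return r


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key:20} {val}")
```

Running it shows the same picture as the `sh ip inspect sessions` and `sh access-lists` output in the question: the inbound telnet creates the session, the matching return packet is permitted by the dynamic entry rather than by any numbered ACE, an unsolicited packet from the same server to a different port falls through to `deny ip any any`, and once the session is closed the return path is closed with it.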