ClayShooter
asked on
IP INSPECT blocking one web site in particular - Help troubleshooting
Customer has a Cisco 871 running 12.4(4)T7 with ISO Firewall. They called saying that one of their sites could not access a particular website. It would load but hang after entering user/pass. Removed IP INSPECT in from VLAN1 and out from FastEthernet4 (DSL). Every thing started working. Added either/or back and it would break.
is there anyway I can find out what is being blocked so i can open it up?
thanks....
is there anyway I can find out what is being blocked so i can open it up?
thanks....
ip inspect audit-trail
ip inspect name INFIRE ftp
ip inspect name INFIRE udp
ip inspect name INFIRE sqlnet
ip inspect name INFIRE realaudio
ip inspect name INFIRE h323
ip inspect name INFIRE http
ip inspect name INFIRE https
ip inspect name INFIRE ftps
ip inspect name INFIRE pop3
ip inspect name INFIRE ssh
ip inspect name INFIRE imap
ip inspect name INFIRE imap3
ip inspect name INFIRE pop3s
ip inspect name INFIRE dns
ip inspect name INFIRE esmtp alert on audit-trail on timeout 180
ip inspect name INFIRE tcp
What protocol is the website using when they connect, e.g. http or https? You could try removing that inspect from the list. It will then be caught by the generic tcp inspect.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That was my first thought. However, on the 871 the F4 interface doesn't support a user settable MTU.
In which case you should be able to set it on Eth0. This is the actual interface on the router on 871s I believe. Unless there is a vlan interface.
ASKER
VLAN or FastEthernet4 (physical WAN interface) will allow user selectable MTU.
ASKER
I had a brain freeze and was using the wrong command to set the MTU. After I realized what I was doing wrong I changed the IP MTU on the WAN (F4) interface and it worked great.