Solved

Cisco IOS firewall - ip inspect name OUTSIDE TCP

Posted on 2008-10-20
4
944 Views
Last Modified: 2008-11-18
I am trying to make sense of the IP INSPECT statement of the Cisco IOS firewall. What does it mean when I have IP INSPECT NAME OUTSIDE TCP? or IP INSPECT NAME OUTSIDE ICMP? Does it mean that after the packet pass through the access list, it will be inspected by the IOS firewall and it the packet is not a TCP connection or an ICMP packet, the packet will be dropped? Thx
0
Comment
Question by:netdoc01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 10

Expert Comment

by:kyleb84
ID: 22764264
It means that it will keep track of TCP connections, inspecting packets for abnormalities and/or possible attacks.

Same applies to ICMP, the firewall will inspect the packet, make sure everything looks ok in it, then pass it on.

If the packet is deemed bad, corrupt or invalid - even part of a possible attack, it will then be dropped.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22764273
For example, if you do not include a

 "IP INSPECT NAME OUTSIDE UDP"

The firewall will not take any notice of UDP packets, and just pass them straight on to the destination.
0
 

Author Comment

by:netdoc01
ID: 22764328
"inspecting packets for abnormalities and/or possible attacks"

How can it determine if a packet is bad like you have mentioned above?
0
 
LVL 10

Accepted Solution

by:
kyleb84 earned 500 total points
ID: 22764370
For TCP connections, each packet has a set of "flags" in the header that control a connection, you wouldn't - for example see all SYN + RST + ACK flags set in the one packet (SYN = do a connect, RST = reset, ACK = acknowledge).

ICMP packets can contain invalid requests (Can't think of an example).

Some mixture of invalid flags / requests are well known attacks, other instances might just be data corruption that happened on the way.

The bottom line is that when it inspect TCP - it only looks at the TCP info header, not the data therein.

The firewall CAN do layer 4+ inspection as well, which actually takes a look at the data inside the packet and not just the header.

Layer 4+ protocols like SIP, HTTP, and FTP can all be monitored as well. This involves keeping track of such connections deep inside your TCP / UDP packet.

0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
unable to set full duplex 100 on WAN interface 11 96
VPN Ports 8 71
Grant drive/folder change permissions to VPN user 6 39
Netgear Router 5 G 11 48
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question