Solved

Cisco IOS firewall - ip inspect name OUTSIDE TCP

Posted on 2008-10-20
4
934 Views
Last Modified: 2008-11-18
I am trying to make sense of the IP INSPECT statement of the Cisco IOS firewall. What does it mean when I have IP INSPECT NAME OUTSIDE TCP? or IP INSPECT NAME OUTSIDE ICMP? Does it mean that after the packet pass through the access list, it will be inspected by the IOS firewall and it the packet is not a TCP connection or an ICMP packet, the packet will be dropped? Thx
0
Comment
Question by:netdoc01
  • 3
4 Comments
 
LVL 10

Expert Comment

by:kyleb84
ID: 22764264
It means that it will keep track of TCP connections, inspecting packets for abnormalities and/or possible attacks.

Same applies to ICMP, the firewall will inspect the packet, make sure everything looks ok in it, then pass it on.

If the packet is deemed bad, corrupt or invalid - even part of a possible attack, it will then be dropped.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22764273
For example, if you do not include a

 "IP INSPECT NAME OUTSIDE UDP"

The firewall will not take any notice of UDP packets, and just pass them straight on to the destination.
0
 

Author Comment

by:netdoc01
ID: 22764328
"inspecting packets for abnormalities and/or possible attacks"

How can it determine if a packet is bad like you have mentioned above?
0
 
LVL 10

Accepted Solution

by:
kyleb84 earned 500 total points
ID: 22764370
For TCP connections, each packet has a set of "flags" in the header that control a connection, you wouldn't - for example see all SYN + RST + ACK flags set in the one packet (SYN = do a connect, RST = reset, ACK = acknowledge).

ICMP packets can contain invalid requests (Can't think of an example).

Some mixture of invalid flags / requests are well known attacks, other instances might just be data corruption that happened on the way.

The bottom line is that when it inspect TCP - it only looks at the TCP info header, not the data therein.

The firewall CAN do layer 4+ inspection as well, which actually takes a look at the data inside the packet and not just the header.

Layer 4+ protocols like SIP, HTTP, and FTP can all be monitored as well. This involves keeping track of such connections deep inside your TCP / UDP packet.

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now