Solved

Cisco IOS firewall - ip inspect name OUTSIDE TCP

Posted on 2008-10-20
4
939 Views
Last Modified: 2008-11-18
I am trying to make sense of the IP INSPECT statement of the Cisco IOS firewall. What does it mean when I have IP INSPECT NAME OUTSIDE TCP? or IP INSPECT NAME OUTSIDE ICMP? Does it mean that after the packet pass through the access list, it will be inspected by the IOS firewall and it the packet is not a TCP connection or an ICMP packet, the packet will be dropped? Thx
0
Comment
Question by:netdoc01
  • 3
4 Comments
 
LVL 10

Expert Comment

by:kyleb84
ID: 22764264
It means that it will keep track of TCP connections, inspecting packets for abnormalities and/or possible attacks.

Same applies to ICMP, the firewall will inspect the packet, make sure everything looks ok in it, then pass it on.

If the packet is deemed bad, corrupt or invalid - even part of a possible attack, it will then be dropped.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22764273
For example, if you do not include a

 "IP INSPECT NAME OUTSIDE UDP"

The firewall will not take any notice of UDP packets, and just pass them straight on to the destination.
0
 

Author Comment

by:netdoc01
ID: 22764328
"inspecting packets for abnormalities and/or possible attacks"

How can it determine if a packet is bad like you have mentioned above?
0
 
LVL 10

Accepted Solution

by:
kyleb84 earned 500 total points
ID: 22764370
For TCP connections, each packet has a set of "flags" in the header that control a connection, you wouldn't - for example see all SYN + RST + ACK flags set in the one packet (SYN = do a connect, RST = reset, ACK = acknowledge).

ICMP packets can contain invalid requests (Can't think of an example).

Some mixture of invalid flags / requests are well known attacks, other instances might just be data corruption that happened on the way.

The bottom line is that when it inspect TCP - it only looks at the TCP info header, not the data therein.

The firewall CAN do layer 4+ inspection as well, which actually takes a look at the data inside the packet and not just the header.

Layer 4+ protocols like SIP, HTTP, and FTP can all be monitored as well. This involves keeping track of such connections deep inside your TCP / UDP packet.

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

766 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question