Cisco 2801 IDS Blocking

Hello Everyone,

I have an interesting issue that I'm hoping someone will be able to assist me with.  Basically I have a subscription to an all online training environment.  They use JavaScript heavily on this site.  When I try to connect into the training environment, portions of the JavaScripts are being blocked and thus preventing me from accessing the site.  I have taken my computer offsite, to my house 8 miles away, and was able to access the site without a problem.  So I know it's not a software issue.  I also have a Barracuda WebFilter 310 in the mix.  I put that in audit mode so that it doesn't block anything and I still get the same result.  Leaving me left with my Cisco 2801 IDS device.

Does anyone have any thoughts on what I can do to ensure that the IDS is not blocking JavaScripts for this site?

The show ver from the 2801 is attached.

Any help you guys can provide would be greatly appreciated!

Regards

Jason


Cisco IOS Software, 2801 Software (C2801-ADVIPSERVICESK9-M), Version 12.4(15)T8,
 RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Mon 01-Dec-08 16:33 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

2801 uptime is 6 weeks, 1 day, 21 hours, 58 minutes
System returned to ROM by power-on
System image file is "flash:c2801-advipservicesk9-mz.124-15.T8.bin"

Cisco 2801 (revision 7.0) with 237568K/24576K bytes of memory.
Processor board ID XXXXXXXXXXXXXXXX
3 FastEthernet interfaces
1 Serial interface
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
127718K bytes of USB Flash usbflash0 (Read/Write)
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Open in new window

TIDIProductsAsked:
Who is Participating?
 
TIDIProductsConnect With a Mentor Author Commented:
Final Update.

I was able to find the info I needed on the net to get this configured.  Simple solution.

Define an access-list with all IP addresses to be allowed.
Specify ip inspect name firewall http java-list 10 audit-trail on
Ensure inspect is added to appropriate internet facing interface(s).

Thanks to anyone who viewed and started looking for a solution for me.
0
 
TIDIProductsAuthor Commented:
Update.  

I found the issue, it has to do with the IDS blocking java applets.  From what reading I've been doing it looks like if I add an ip inspect rule I should be able to setup an ACL with the appropriate IP's to allow to cross without being blocked.  

Anything I should be aware of regarding how I should go about putting this in?
0
 
TIDIProductsAuthor Commented:
Was able to dig up appropriate information on Internet after submitting question to experts.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.