Cisco 2801 IDS Blocking

Hello Everyone,

I have an interesting issue that I'm hoping someone will be able to assist me with.  Basically I have a subscription to an all online training environment.  They use JavaScript heavily on this site.  When I try to connect into the training environment, portions of the JavaScripts are being blocked and thus preventing me from accessing the site.  I have taken my computer offsite, to my house 8 miles away, and was able to access the site without a problem.  So I know it's not a software issue.  I also have a Barracuda WebFilter 310 in the mix.  I put that in audit mode so that it doesn't block anything and I still get the same result.  Leaving me left with my Cisco 2801 IDS device.

Does anyone have any thoughts on what I can do to ensure that the IDS is not blocking JavaScripts for this site?

The show ver from the 2801 is attached.

Any help you guys can provide would be greatly appreciated!



Cisco IOS Software, 2801 Software (C2801-ADVIPSERVICESK9-M), Version 12.4(15)T8,
Technical Support:
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Mon 01-Dec-08 16:33 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

2801 uptime is 6 weeks, 1 day, 21 hours, 58 minutes
System returned to ROM by power-on
System image file is "flash:c2801-advipservicesk9-mz.124-15.T8.bin"

Cisco 2801 (revision 7.0) with 237568K/24576K bytes of memory.
3 FastEthernet interfaces
1 Serial interface
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
127718K bytes of USB Flash usbflash0 (Read/Write)
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Open in new window

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TIDIProductsAuthor Commented:

I found the issue, it has to do with the IDS blocking java applets.  From what reading I've been doing it looks like if I add an ip inspect rule I should be able to setup an ACL with the appropriate IP's to allow to cross without being blocked.  

Anything I should be aware of regarding how I should go about putting this in?
TIDIProductsAuthor Commented:
Final Update.

I was able to find the info I needed on the net to get this configured.  Simple solution.

Define an access-list with all IP addresses to be allowed.
Specify ip inspect name firewall http java-list 10 audit-trail on
Ensure inspect is added to appropriate internet facing interface(s).

Thanks to anyone who viewed and started looking for a solution for me.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TIDIProductsAuthor Commented:
Was able to dig up appropriate information on Internet after submitting question to experts.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.