TCP inspect and Riverbed issues
Posted on 2011-10-18
I have recently encountered an issue when using a Cisco 1841 router with advanced security k9, and using Riverbed.
We use the built-in IOS firewall feature (CBAC / SPI) in the router. 1 of the protocols we inspect is TCP leaving the outside interface.
Remote sites connect back to the core using IPSEC over GRE VPN tunnels. Also, we use Riverbed Steelhead devices at each end for data acceleration across the WAN.
Since installing an 1841 router at 1 of the remote sites, they are experiencing many instances of their site going down. I spoke to somebody who said this could be something to do with using the TCP inspect feature along with Riverbeds. Apparently the router inspect feature could be blocking the return Riverbed traffic. I find this odd because the inspect feature is enabled on the outside port only, but not against the GRE interface which the remote site traffic traverses (even though physically the GRE tunnel is out of the outside port).
Has anybody seen this behaviour before, and could recommend a fix / solution?
Thanks in advance.