Common Problems and Resolutions

This section looks into some of commonly asked questions and confusions regarding CBAC in a question-and-answer format.


Is load balancing possible with CBAC?


Yes, if it is in the same router, but be sure to apply the same ACL on both the interfaces which participate in load-balancing the traffic.


With which features does the Cisco IOS Firewall not interoperate?


The Cisco IOS Firewall does not interoperate with the following features: TCP intercept Asymmetric routing, where ingress and egress are two different routers; Load-balancing, where ingress and egress are two different routers.

Layer 4 and Layer 7 inspection of fragmented packets is not supported.

The Cisco IOS Firewall operation with Server Load Balancing (SLB) has not been tested.


Does CBAC work with standard ACL on the opposite direction of the CBAC inspection rule?


No. Because the ACE in the ACL is created based on snm5-tuples which are based on Layer 4 information; you must have extended ACL configured so that ACE can be created by CBAC.


Does Cisco IOS Firewall work with fast switching?


Yes, the firewall works with all high-performance switching modes that the platform supports, including Cisco Express Forwarding (CEF), flow, fast and process switching modes.


Does the firewall work with Channelized T1 by applying distinct policies to different channel groups?


Yes. The same is true when distinct policies are applied to different Frame Relay subinterfaces.


Can non-IP protocols be routed while using Cisco IOS Firewall?


Yes, other protocols such as Internetwork Packet Exchange [IPX] and AppleTalk can function alongside the firewall technology, but the firewall will not inspect associated traffic.

Cisco Network Security Troubleshooting Handbook
Cisco Network Security Troubleshooting Handbook
ISBN: 1587051893
EAN: 2147483647
Year: 2006
Pages: 190
Authors: Mynul Hoda

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: