Velocity Reviews - Computer Hardware Reviews

Re: IP Inspection

On 8 Sep, 02:48, "(E-Mail Removed)" <(E-Mail Removed)>
> On Sep 7, 7:13 pm, bod43 <(E-Mail Removed)> wrote:
> I don't recognize this output. What command did you issue to generate
> this?

Sorry I meant to post the command and forgot.

sh int switching

As regards forwarding performance
it doesn't matter which fast switching method is in use,
CEF, Netflow, Fast Switching, others mostly obsolete.

The sh int switching does not distinguish and
lumps all fast switching types together. Which is
what you want.

> Can you please explain why applying "ip inspect myfw out" to the
> outside interface is better than "ip inspect myfw in" on the inside
> interface?

I don't know. I think I know what applying an
inspect statement to the outside interface means,
but I have no idea what applying it to an inside
interface will mean. I would apply it to the outside interface.

The inspect process does two things.

Makes temporary holes in the inbound access-list
to allow the return traffic.

"Inspects" the traffic. I have no real idea what this
amounts to on a Cisco router.

Oh yes. I was guessing about 12.3T so it does not
matter much whether it is after 12.3 or not.

It happens that it is after. In general the T (Technology)
train has all the new stuff that eventually ends up
in the next main release.

12.2T --> 12.3 mainline
12.3T --> 12.4 mainline
12.4T --> 15 mainline

The mainline software is effectively frozen
apart from bug fixes and all new hardware
and software features end up in the T.

The other weird releases are generally
designed to get specific hardware or software
features out the door and end up folded back
into the T train quite quickly.

There are a couple of exceptions.

An example is that the "Switches" tend to use
different releases.

For the most stable software for routers, use
mainline if you can, T if you
need the features and avoid any others
if at all possible.

For switches go with the flow. There is no alternative.
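
The arrangement discussed in this post (a deny-all inbound access-list on the outside interface, with "ip inspect myfw out" opening temporary holes for return traffic), as an added example that is not part of the original thread. The interface names, addresses and ACL number are constructed assumptions; only the rule name "myfw" comes from the thread.

```cisco
! Added illustration, not the poster's configuration.
! Interface names, addresses and ACL number 101 are assumptions.
!
! Inspection rule, named "myfw" as in the thread.
ip inspect name myfw tcp
ip inspect name myfw udp
!
! Inbound ACL for the outside interface: nothing initiated
! from the outside is permitted.
access-list 101 deny ip any any
!
interface FastEthernet0/0
 description inside (assumed name)
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1
 description outside (assumed name)
 ip address 203.0.113.1 255.255.255.252
 ! Filter traffic arriving from the outside.
 ip access-group 101 in
 ! Inspect sessions leaving through this interface. Return traffic
 ! for those sessions is let back through ACL 101 for as long as
 ! the session exists.
 ip inspect myfw out
!
! Checks from exec mode:
!   show ip inspect sessions    (sessions currently being tracked)
!   show ip access-lists 101    (the inbound ACL and its hit counts)
```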
