On Jul 22, 2011, at 1:23 PM, "Joseph Mays" <[email protected]> wrote:
> There is no way turning on ip inspection should break communications
> anywhere in the absence of an ACL list, is there?

IIRC, ip inspect is creating a pseudo-acl, so you're being bitten by the default deny. You should apply a "permit ip any any" ACL inbound on that interface. (Adding more specific permits and making sure ACE counters aren't excessively increasing is also a really good way of making sure inspection is handling the traffic you intended it to during initial deployment without breaking anything).

> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
