IP Inspect

Hi,

Im studying for iscw at the moment and have a question related to the ip inspect rule

If I enter ip inspect NAME tcp this should allow all tcp traffic via the interface it is applied to. That being the case why would I then need to add in any other protocols? for example ip inspect NAME esmtp?

Surely once the generic tcp rule is entered all protocols above the transport layer are being allowed making the second rule redundant?

If somebody could point out what Im getting wrong here that would be grand!

Cheers
Waru

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

cisco_trooper

is inspecting TCP even an option? TCP is already connection-oriented. In a stateful firewall I wouldn't think you would have a reason to inspect TCP...I'll have to go back over packet inspection, but that is my initial thought.

waru

cisco_trooper wrote: »

is inspecting TCP even an option? TCP is already connection-oriented. In a stateful firewall I wouldn't think you would have a reason to inspect TCP...I'll have to go back over packet inspection, but that is my initial thought.

Yes TCP is an option. Someone just cleared this up for me. The inspect command simply inspects it doesnt allow or deny. This is handled by the acl that is paired with the inspect command.

So the ios firewall will only inspect upto tcp layer if thats all you specify. if you specify esmtp or whatever it will also inspect that when it sees it.

SysAdmin4066

TCP inspection can help to mitigate syn flooding attacks.