This section addresses some commonly asked questions and points of confusion about CBAC in a question-and-answer format.
| 1 | Is load balancing possible with CBAC?
|
| Answer: | Yes, if it is in the same router, but be sure to apply the same ACL on both interfaces that participate in load balancing the traffic.
|
| 2 | With which features does the Cisco IOS Firewall not interoperate?
|
| Answer: | The Cisco IOS Firewall does not interoperate with the following features: TCP intercept; asymmetric routing, where ingress and egress are two different routers; load balancing, where ingress and egress are two different routers.
Layer 4 and Layer 7 inspection of fragmented packets is not supported.
The Cisco IOS Firewall operation with Server Load Balancing (SLB) has not been tested.
|
| 3 | Does CBAC work with a standard ACL in the opposite direction of the CBAC inspection rule?
|
| Answer: | No. The ACEs that CBAC creates in the ACL are based on 5-tuples, which rely on Layer 4 information, so you must have an extended ACL configured for CBAC to be able to create the ACEs.
|
| 4 | Does Cisco IOS Firewall work with fast switching?
|
| Answer: | Yes, the firewall works with all high-performance switching modes that the platform supports, including Cisco Express Forwarding (CEF), flow, fast and process switching modes.
|
| 5 | Does the firewall work with Channelized T1 by applying distinct policies to different channel groups?
|
| Answer: | Yes. The same is true when distinct policies are applied to different Frame Relay subinterfaces.
|
| 6 | Can non-IP protocols be routed while using Cisco IOS Firewall?
|
| Answer: | Yes, other protocols such as Internetwork Packet Exchange (IPX) and AppleTalk can function alongside the firewall technology, but the firewall will not inspect associated traffic.
|
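The configuration below is an added example, not taken from the original text, that combines the answers to questions 1 and 3: one inspection rule and one extended ACL applied identically to two outside interfaces of the same router. The interface names, ACL number 101, and the rule name FWRULE are assumptions chosen for illustration.

```cisco
! Constructed example: interface names, ACL number and rule name are assumptions.
!
! Inspection rule: CBAC tracks sessions for these protocols as they leave
! the router and creates matching return entries in the inbound ACL.
ip inspect name FWRULE tcp
ip inspect name FWRULE udp
ip inspect name FWRULE ftp
!
! Extended ACL (numbered 100-199). CBAC needs an extended ACL here because
! its session entries are 5-tuples (protocol, source and destination
! address, source and destination port), which a standard ACL cannot hold.
access-list 101 deny ip any any log
!
! Not usable with CBAC (question 3): a standard ACL matches only on
! source address.
! access-list 10 deny any
!
! Both outside links on the same router carry load-balanced traffic, so
! both get the same ACL and the same inspection rule (question 1).
interface Serial0/0
 description Outside link 1
 ip access-group 101 in
 ip inspect FWRULE out
!
interface Serial0/1
 description Outside link 2
 ip access-group 101 in
 ip inspect FWRULE out
!
! Verification from exec mode:
!   show ip inspect sessions
!   show access-lists 101
```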