Applying Inspection Rules to Interfaces
After you have created an inspection rule, you must apply it to an interface.
The most common configuration is to have the inspection rule applied
inbound on the inside interface. This configuration allows the router to
dynamically create holes in the ACLs applied to other interfaces that allow
replies to sessions initiated by hosts on the inside interface. Example 6-2
demonstrates this.
Example 6-2 Applying Inspection Rule Inbound on Inside Interface
interface FastEthernet0/0
description inside interface
ip address 10.1.1.1 255.255.255.0
ip inspect FW in
Verifying Inspection
The following commands are useful for verifying Cisco IOS Firewall configurations:
■ show ip inspect inspection-name
■ show ip inspect config
■ show ip inspect interfaces
■ show ip inspect session [detail]
■ show ip inspect statistics
■ show ip inspect all
■ debug ip inspect detail
■ debug ip inspect events
■ debug ip inspect protocol