CBAC Definition ip inspect name FWOUT tcp ip inspect name FWOUT udp ip inspect name FWOUT icmp Seems pretty complete doesn’t it? With this simple configuration, most things will work. Earlier, I said that all TCP services would work. That is mostly true, but we’ll soon see an exception to this. If we look at the context sensitive help for ip inspect name FWOUT, we see several other ...
So i think the new router ISR4431/K9 doesn't have ip inspect function, isn't it? Below is the show version on the new router: bb_router#show version Cisco IOS XE Software, Version 03.16.04b.S - Extended Support Release Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5 (3)S4b, RELEASE SOFTWARE (fc1)
Outside of using packet tracer to test if a packet is being will be dropped or not, is there a way to debug or see logging messages when a packet is dropped due to an inspection policy?