Zone Based FW on IOS

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Thu, 14 May 2009 22:18:31 +0100

Does anyone here know why I can ping from the INSIDE zone to the
OUTSIDE... but I just cannot telnet (even at port 80)?

When I further added a zone-pair for the OUTSIDE to INSIDE security zones,
all goes through the firewall... This is really a strange one...

Unless there is something basic here about this Zone Based FW I haven't
understood yet...

Thanks guys!

class-map type inspect match-any ICMP
 match protocol icmp
 match protocol tcp
 match protocol http
 match protocol telnet

class-map type inspect match-any TCP
 match protocol tcp
 match protocol udp
 match protocol icmp
 match protocol telnet
 match protocol http
!
!
policy-map type inspect TCP_UDP_ICMP
 class type inspect TCP
  inspect
 class class-default
  drop
policy-map type inspect ICMP_FROM_OUT
 class type inspect ICMP
  inspect
 class class-default
  drop
!
zone security INSIDE
zone security OUTSIDE
zone security zx
zone security zy
zone-pair security INSIDE-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect ICMP_FROM_OUT
zone-pair security zx-zy source zx destination zy
 service-policy type inspect-internal px-py
zone-pair security OUTSIDE-INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect ICMP_FROM_OUT
!
!
!
!
interface FastEthernet0/0
 ip address 191.1.123.3 255.255.255.0
 zone-member security INSIDE
!
interface FastEthernet0/1
 ip address 204.12.1.3 255.255.255.0
 zone-member security OUTSIDE

interface Serial1/0.34 point-to-point
 ip address 191.1.34.3 255.255.255.0
 zone-member security INSIDE
!
interface Serial1/3
 ip address 191.1.23.3 255.255.255.0
 zone-member security INSIDE
 ip ospf authentication
 ip ospf authentication-key CISCO

-- 
CCIE #19963
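As an added check (my own script, not part of the post or of IOS), the following Python parses the class-map, policy-map and zone-pair statements of a ZBF config like the one above and lists which protocols each zone-pair inspects. Inspection on the INSIDE-to-OUTSIDE pair already admits the return traffic of inside-initiated sessions, so an OUTSIDE-to-INSIDE pair that inspects tcp/http/telnet, as in the posted config, lets outside hosts open new sessions inward; the script reports exactly that set. The embedded sample config is a constructed, trimmed copy of the posted one.

```python
import re
from collections import defaultdict

SAMPLE_CONFIG = """\
! constructed sample: a trimmed copy of the config posted above
class-map type inspect match-any ICMP
 match protocol icmp
 match protocol tcp
 match protocol http
 match protocol telnet
policy-map type inspect ICMP_FROM_OUT
 class type inspect ICMP
  inspect
 class class-default
  drop
zone-pair security INSIDE-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect ICMP_FROM_OUT
zone-pair security OUTSIDE-INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect ICMP_FROM_OUT
"""

def parse_zbf(text):
    # returns {zone_pair_name: (source_zone, dest_zone, {action: set of protocols})}
    class_maps, policy_maps, pairs = defaultdict(set), defaultdict(dict), {}
    cur_cm = cur_pm = cur_cls = cur_zp = None
    for raw in text.splitlines():
        s = raw.strip()
        if m := re.match(r"class-map type inspect match-(?:any|all) (\S+)$", s):
            cur_cm = m.group(1)                       # entering a class-map
        elif m := re.match(r"match protocol (\S+)$", s):
            class_maps[cur_cm].add(m.group(1))
        elif m := re.match(r"policy-map type inspect (\S+)$", s):
            cur_pm = m.group(1)                       # entering a policy-map
        elif m := re.match(r"class (?:type inspect )?(\S+)$", s):
            cur_cls = m.group(1)                      # class referenced by the policy-map
        elif s in ("inspect", "pass", "drop") and cur_pm:
            policy_maps[cur_pm][cur_cls] = s
        elif m := re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)$", s):
            cur_zp = m.group(1)
            pairs[cur_zp] = (m.group(2), m.group(3), defaultdict(set))
        elif m := re.match(r"service-policy type inspect (\S+)$", s):
            # resolve the applied policy-map into action -> protocols; class-default has no class-map
            for cls, action in policy_maps[m.group(1)].items():
                pairs[cur_zp][2][action] |= class_maps.get(cls, {"(class-default)"})
    return pairs

def unsolicited_inbound(pairs, inside="INSIDE", outside="OUTSIDE"):
    # protocols that hosts in `outside` may use to open NEW sessions into `inside`
    opened = set()
    for src, dst, by_action in pairs.values():
        if src == outside and dst == inside:
            opened |= by_action.get("inspect", set()) | by_action.get("pass", set())
    return opened
```

Run it on a saved `show running-config` and an empty result means only inside-initiated sessions (and their replies) cross the firewall; anything listed is reachable from OUTSIDE without an inside host asking for it.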