Inspect allows the return traffic.
On Mon, Jan 2, 2012 at 4:00 PM, Aaron <aaron1_at_gvtc.com> wrote:
> The following seems to allow me to ping from inside to outside.. What if I
> replace the "inspect" action under the policy-map with the "pass" action?
> What is the difference?
>
>
>
> Aaron
>
>
>
>
>
> zone security inside
>
>
>
> zone security outside
>
>
>
> interface FastEthernet0/0
>
> zone-member security inside
>
>
>
> interface Serial2/0:0
>
> zone-member security outside
>
>
>
> class-map typ inspe inside-to-outside
>
> match protocol icmp
>
>
>
> policy-map type inspect inside-to-outside
>
> class type inspect inside-to-outside
>
> inspect
>
>
>
> zone-p sec inside-to-outside sou inside des outside
>
> service-policy type inspect inside-to-outside
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Jan 02 2012 - 16:31:14 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 02 2012 - 11:52:51 ART