Agreed.
Regards,
Jay McMickle- CCNP,CCSP,CCDP
Sent from my iPhone
http://mycciepursuit.wordpress.com
On Jan 2, 2012, at 4:31 PM, marc abel <marcabel_at_gmail.com> wrote:
> Inspect allows the return traffic.
>
> On Mon, Jan 2, 2012 at 4:00 PM, Aaron <aaron1_at_gvtc.com> wrote:
>
>> The following seems to allow me to ping from inside to outside.. What if I
>> replace the "inspect" action under the policy-map with the "pass" action?
>> What is the difference?
>>
>>
>>
>> Aaron
>>
>>
>>
>>
>>
>> zone security inside
>>
>>
>>
>> zone security outside
>>
>>
>>
>> interface FastEthernet0/0
>>
>> zone-member security inside
>>
>>
>>
>> interface Serial2/0:0
>>
>> zone-member security outside
>>
>>
>>
>> class-map typ inspe inside-to-outside
>>
>> match protocol icmp
>>
>>
>>
>> policy-map type inspect inside-to-outside
>>
>> class type inspect inside-to-outside
>>
>> inspect
>>
>>
>>
>> zone-p sec inside-to-outside sou inside des outside
>>
>> service-policy type inspect inside-to-outside
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Jan 02 2012 - 18:11:43 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 02 2012 - 11:52:51 ART