Re: ZONE-BASED-FIREWALL

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Wed, 3 Oct 2012 15:59:28 +0100

Hi Mohammed,

You should configure 'inspect' instead of just 'pass' if you want the
return traffic to be allowed back in. 'pass' will not necessarily keep
state information to allow the traffic when it returns; that's the job of
the 'inspect' action.

Try it out and let us know if that solves the issue.

HTH a bit.

Sadiq

On Wed, Oct 3, 2012 at 3:54 PM, Mohammad Mousa <mohd-mousa_at_hotmail.com> wrote:

> Hi Guys, I have a question about ZBF. As far as I know, the ZBF is
> taking the concept from CBAC by permitting all the traffic that is
> initiated from inside to the outside and permitting the return traffic. I
> defined the policy-map to pass the ICMP and class-default as well.
> R1------R2----R5: R2 has four interfaces, one of them is in Zone
> X (interface facing R5) and the others in zone Y. When I pinged from
> R1 to R5, I saw the output of the ICMP debugging and the packets reached R5,
> but the traffic didn't come back to R1. When I put the zone-pair in both
> directions, it worked fine! Please advise me, correct me if I'm wrong! Thank
> you all.

-- 
CCIEx2 (R&S|Sec) #19963
Blogs and organic groups at http://www.ccie.net
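To make the difference concrete, here is an added configuration example (constructed for this archive page, not the poster's or Sadiq's own config) showing a zone-pair with the 'pass' action that Mohammad described beside the 'inspect' variant Sadiq recommends. Zone names, interface numbers, policy and class names are assumptions.

```cisco
! Constructed example; zone, class and interface names are assumptions.
class-map type inspect match-any CM-ICMP
 match protocol icmp
!
! Weak variant (what the original post describes): 'pass' forwards matching
! packets Y->X only and records no session, so the echo-reply arriving X->Y
! matches no zone-pair and is dropped. A second zone-pair X->Y would "fix" it,
! but only by opening the return direction statelessly.
policy-map type inspect PM-PASS
 class type inspect CM-ICMP
  pass
 class class-default
  pass
!
! Corrected variant: 'inspect' creates a session entry when the echo-request
! leaves Y->X and uses it to admit only the matching echo-reply X->Y, so no
! reverse zone-pair is needed and unsolicited X->Y traffic stays blocked.
policy-map type inspect PM-INSPECT
 class type inspect CM-ICMP
  inspect
 class class-default
  drop
!
zone security Y
zone security X
!
zone-pair security Y-TO-X source Y destination X
 service-policy type inspect PM-INSPECT
!
interface GigabitEthernet0/0
 description towards R1 (zone Y)
 zone-member security Y
!
interface GigabitEthernet0/1
 description towards R5 (zone X)
 zone-member security X
!
! Verification while a ping from R1 to R5 is running: with PM-INSPECT an ICMP
! session is listed; with PM-PASS applied instead, no session is created.
! show policy-map type inspect zone-pair Y-TO-X sessions
```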
Received on Wed Oct 03 2012 - 15:59:28 ART

This archive was generated by hypermail 2.2.0 : Thu Nov 01 2012 - 10:53:33 ART