Re: ZONE-BASED-FIREWALL

From: Jay McMickle <jay.mcmickle_at_yahoo.com>
Date: Wed, 3 Oct 2012 09:59:15 -0500

I might have misunderstood your question, but your config would help everyone understand. Remember that if traffic from one interface traverses to another, both must participate in ZBFW (configured as a zone-pair) to pass traffic. I'm sure you've done that and I just read too far into your notes.

Can you paste your R2 ZBFW config?

Regards,
Jay McMickle- CCIE #35355 (RS), 3x CCNP (RS,Security,Design)
Sent from my iPhone

On Oct 3, 2012, at 9:54 AM, Mohammad Mousa <mohd-mousa_at_hotmail.com> wrote:

> Hi Guys, I have a question about ZBF. As far as I know, ZBF takes the concept from CBAC by permitting all the traffic that is initiated from inside to the outside and permitting the return traffic. I defined the policy-map to pass the ICMP and class-default as well.
>
> R1------R2----R5: R2 (Router2) has four interfaces; one of them is in Zone X (the interface facing R5) and the others are in zone Y. When I pinged from R1 to R5, I saw the output of the ICMP debugging and the packets reached R5, but the traffic didn't come back to R1. When I put the zone-pair in both directions, it worked fine!
>
> Please advise me, and correct me if I'm wrong! Thank you all.
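An added example, not taken from this thread, showing the single-direction zone-pair Jay describes: with the `inspect` action the firewall records a session when the echo request leaves zone Y, so the echo reply from zone X is matched to that session and forwarded with no reverse zone-pair, whereas `pass` is stateless and a permissive reverse pair would also let X initiate traffic into Y. The zone names X and Y, the interface names, and the policy and class-map names are assumptions.

```cisco
! Added example (not from this thread). Assumes zone names X and Y,
! Gi0/0 as the interface facing R5 and Gi0/1-0/3 as the interfaces in zone Y.
zone security X
zone security Y
!
interface GigabitEthernet0/0
 zone-member security X
interface GigabitEthernet0/1
 zone-member security Y
interface GigabitEthernet0/2
 zone-member security Y
interface GigabitEthernet0/3
 zone-member security Y
!
! Classify the traffic that should be tracked statefully.
class-map type inspect match-any CM-Y-TO-X
 match protocol icmp
!
! "inspect" creates a session entry when the echo request leaves Y for X;
! the echo reply from X to Y matches that entry and is allowed without a
! X->Y zone-pair. Anything else between the zones is dropped and logged.
policy-map type inspect PM-Y-TO-X
 class type inspect CM-Y-TO-X
  inspect
 class class-default
  drop log
!
! One zone-pair, one direction: only the side that initiates the traffic.
zone-pair security ZP-Y-TO-X source Y destination X
 service-policy type inspect PM-Y-TO-X
!
! Contrast (left commented out): "pass" forwards packets without creating a
! session, so the replies would need their own X->Y zone-pair, and a reverse
! pair that passes ICMP also lets hosts behind X initiate pings into Y.
! policy-map type inspect PM-STATELESS
!  class type inspect CM-Y-TO-X
!   pass
!
! Check while a ping from R1 to R5 is running:
!   show policy-map type inspect zone-pair ZP-Y-TO-X sessions
! The ICMP session should be listed for the duration of the ping.
```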

Blogs and organic groups at http://www.ccie.net
Received on Wed Oct 03 2012 - 09:59:15 ART

This archive was generated by hypermail 2.2.0 : Thu Nov 01 2012 - 10:53:33 ART