I agree with Sadiq, put inspect instead of pass.
@ccie99999
Il giorno 03/ott/2012 18:12, "Joe Sanchez" <marco207p_at_gmail.com> ha scritto:
> Mousa, post your config for the ZBFW
>
> Regards,
> Joe Sanchez
>
> ( please excuse the brevity of this email as it was sent via a mobile
> device. Please excuse misspelled words or sentence structure.)
>
> On Oct 3, 2012, at 9:54 AM, Mohammad Mousa <mohd-mousa_at_hotmail.com> wrote:
>
> > Hi Guys, I have a question about ZBF, as far as I know that the ZBF is
> taking the concept from the CBAC by permiting all the traffic that
> initiated from inside to the outside and permit the return traffic.I
> defined the policy-map to pass the ICMP and class-default as well.
> R1------R2----R5 (Router2) have four interfaces, one of them is in Zone
> X (interface facing R5) and the others in zone Y. When I pinged from
> R1-R5, I saw the output of the ICMP debuging and the packets reached R5,
> but the traffice didn't come back to R1. When I put the zone-pair both
> direction, it worked fine! please advice me, correct me if I'm wrong !Thank
> you all.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Oct 03 2012 - 16:17:46 ART
This archive was generated by hypermail 2.2.0 : Thu Nov 01 2012 - 10:53:33 ART