Hello All!
This is my first post. I am working on Lab2A task 2.11,
Transparent Zone Based Firewall. The configuration tasks are to be
performed on R8. I have followed the PG, and diff'd my configuration
against the provided FINAL configs and I can't seem to get the firewall
to actually do anything. Whenever I checked the counters with sh
policy-map type inspect zone-pair, the counters were zero even though I
was running test traffic across the router in both directions. In an
effort to get down to the basics, I did a wr erase and reloaded. After
the router came back up, I configured the following:

zone security INSIDE
zone security OUTSIDE
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
interface FastEthernet2/0
 no ip address
 zone-member security OUTSIDE
 duplex full
 speed 100
 bridge-group 1
!
interface FastEthernet2/1
 no ip address
 zone-member security INSIDE
 duplex full
 speed 100
 bridge-group 1
!
interface BVI1
 ip address 9.9.156.8 255.255.255.0

Router#sh policy-map type inspect zone-pair
Router#

Traffic is now flowing across the bridge and that is where I am
confused. According to my reading, no traffic is allowed to flow between
zones if there is not a "zone-pair" allowing this. So how is traffic
flowing?
I am running this on a 7206VXR with IOS 12.4(15)T1.
Any thoughts would be greatly appreciated!
Thanks!
Dave