Hi, What is the best practice for allowing IGP traffic when self zones are configured in both directions?
1. Say you have self-Outside zone and Outside-self zone configured. 2. For IGPs like OSPF/RIP/EIGRP would you add a PASS action class to both zone-pairs? Or do you "inspect" one of them. I don't think of IGP peerings as "sessions" in the UDP/TCP sense. !--- policy-map type inspect XXX-out-self class IGP pass !--- apply to Outside-self zone-pair !--- policy-map type inspect XXX-self-out class IGP pass !--- apply to self-Outside zone-pair
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
