I'm trying to get a zone based firewall that would permit all protocols, from a specific network.
However, when I use the inspect statement, I get an error on the reload that it's not valid.

<snip>
%No specific protocol or access-group configured in class TEST-Outbound-CM for inspection. All packets will be dropped
%No specific protocol or access-group configured in class TEST-Inbound-CM for inspection. All packets will be dropped
</snip>

<pertinent code>
policy-map type inspect Out-2-In-PM
 class type inspect TEST-Inbound-CM
  inspect
 class class-default
  drop
zone-pair security outzone-to-inzone source out-zone destination in-zone
 service-policy type inspect Out-2-In-PM
class-map type inspect match-any TEST-Outbound-CM
 match access-group name TEST-DestNetworks-ACL
ip access-list extended TEST-DestNetworks-ACL
 permit ip any 172.30.0.0 0.0.255.255
 permit ip any 172.31.0.0 0.0.255.255
</pertinent code>

Am I using the wrong type of class map? Should I change inspect to be "pass", and that would have it work? Am I totally barking up the wrong tree?

-Garrett
