your configured class-map name is TEST-Outbound-CM
however the one applied under the policy map is TEST-Inbound-CM.. from config standpoint,,, wrong CM is applied to the policy map.. This is common issue with IOS... even if something doesnt exist in the configuration, IOS accepts it as part of the command... However ASA is more hirerichal and does not accept any thing as an arguement which is not configured before. FNK On Mon, Oct 10, 2011 at 1:43 PM, Garrett Skjelstad <[email protected]>wrote: > I'm trying to get a zone based firewall that would permit all protocols, > from a specific network, > > However, when I use the inspect statement, I get an error on the reload > that it's not valid. > > <snip> > %No specific protocol or access-group configured in class TEST-Outbound-CM > for inspection. All packets will be dropped > %No specific protocol or access-group configured in class TEST-Inbound-CM > for inspection. All packets will be dropped > </snip> > > <pertinent code> > policy-map type inspect Out-2-In-PM > class type inspect TEST-Inbound-CM > inspect > class class-default > drop > > zone-pair security outzone-to-inzone source out-zone destination in-zone > service-policy type inspect Out-2-In-PM > > class-map type inspect match-any TEST-Outbound-CM > match access-group name TEST-DestNetworks-ACL > > ip access-list extended TEST-DestNetworks-ACL > permit ip any 172.30.0.0 0.0.255.255 > permit ip any 172.31.0.0 0.0.255.255 > </pertinent code> > > Am I using the wrong type of class map? > > Should I change inspect to be "pass", and that would have it work? > > Am I totally barking up the wrong tree? > -Garrett > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
