What is the image version? With regards Kings
On Mon, Oct 10, 2011 at 11:13 PM, Garrett Skjelstad <[email protected]>wrote: > I'm trying to get a zone based firewall that would permit all protocols, > from a specific network, > > However, when I use the inspect statement, I get an error on the reload > that it's not valid. > > <snip> > %No specific protocol or access-group configured in class TEST-Outbound-CM > for inspection. All packets will be dropped > %No specific protocol or access-group configured in class TEST-Inbound-CM > for inspection. All packets will be dropped > </snip> > > <pertinent code> > policy-map type inspect Out-2-In-PM > class type inspect TEST-Inbound-CM > inspect > class class-default > drop > > zone-pair security outzone-to-inzone source out-zone destination in-zone > service-policy type inspect Out-2-In-PM > > class-map type inspect match-any TEST-Outbound-CM > match access-group name TEST-DestNetworks-ACL > > ip access-list extended TEST-DestNetworks-ACL > permit ip any 172.30.0.0 0.0.255.255 > permit ip any 172.31.0.0 0.0.255.255 > </pertinent code> > > Am I using the wrong type of class map? > > Should I change inspect to be "pass", and that would have it work? > > Am I totally barking up the wrong tree? > -Garrett > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
