Guys, I need a fresh eye on the problem (if it is a problem) I ran into. Testing ZFW with non-standard ports, i.e. Telnet 3020 running on the router.
Host ---(10.0.0.0/24)----- R3 -------- R2

Rotary 20 is configured on VTY lines of R2. R1 has the following ZFW and PAM settings:

R3#sh ip port-map telnet
Default mapping:  telnet   tcp port 23     system defined
Host specific:    telnet   tcp port 3020   in list 1   user defined

access-list 1 permit 10.0.0.0 0.0.0.255 log   // log is added to see matches

class-map type inspect match-all TELNET-CM
 match protocol telnet

policy-map type inspect A->C-PM
 class type inspect ICMP-CM
  pass
  log
 class type inspect TELNET-CM
  inspect

Respective interfaces are assigned to zones and zone-pairs are created. I don't show it for brevity as it doesn't relate to the problem.

When I try to telnet to R2 over port 3020 from the Host I fail, i.e. ZFW doesn't match it and drops it by class-default. But when I change access-list 1 to be:

access-list 1 permit any

the situation changes and I can telnet to port 3020. Why is that? Is the standard ACL not supposed to be working on the source address? The IP address of the Host is 10.0.0.100.

Eugene
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
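To see why the host-specific mapping misses, here is an added Python model (not from the thread, not IOS code) of how PAM consults the ACL attached to a host-specific port-map entry: IOS tests that ACL against the destination (server) address of the flow, not the source. R2's address is not given in the post, so 192.0.2.2 is a constructed placeholder.

```python
import ipaddress

# Constructed addresses: the Host from the thread is 10.0.0.100; R2's address
# is not given in the post, so 192.0.2.2 is a placeholder.
HOST = "10.0.0.100"
R2 = "192.0.2.2"

# Standard ACL entries as (action, network); "any" is 0.0.0.0/0.
ACL_1_SUBNET = [("permit", ipaddress.ip_network("10.0.0.0/24"))]
ACL_1_ANY = [("permit", ipaddress.ip_network("0.0.0.0/0"))]

# PAM table from the post: system default plus the user-defined entry.
# A host-specific entry carries the ACL that is tested against the server address.
PORT_MAP = [
    {"app": "telnet", "port": 23, "acl": None},        # system defined
    {"app": "telnet", "port": 3020, "acl": "list1"},   # user defined, list 1
]

def acl_permits(acl, address):
    """Evaluate a standard ACL top-down; implicit deny at the end."""
    addr = ipaddress.ip_address(address)
    for action, net in acl:
        if addr in net:
            return action == "permit"
    return False

def pam_lookup(port_map, acls, dst_ip, dst_port):
    """Return the application PAM assigns to a flow towards dst_ip:dst_port.
    Host-specific entries are consulted first and apply only when their ACL
    permits the destination (server) address; general entries apply to all."""
    for entry in sorted(port_map, key=lambda e: e["acl"] is None):
        if entry["port"] != dst_port:
            continue
        if entry["acl"] is None or acl_permits(acls[entry["acl"]], dst_ip):
            return entry["app"]
    return None

def zfw_action(app):
    """TELNET-CM matches protocol telnet and is inspected; anything else hits class-default."""
    return "inspect" if app == "telnet" else "drop (class-default)"

if __name__ == "__main__":
    for label, acl in (("permit 10.0.0.0 0.0.0.255", ACL_1_SUBNET), ("permit any", ACL_1_ANY)):
        app = pam_lookup(PORT_MAP, {"list1": acl}, R2, 3020)
        print(f"access-list 1 {label}: {HOST} -> {R2}:3020 "
              f"classified as {app}, action: {zfw_action(app)}")
```

With the /24 ACL the destination R2 is not permitted, so port 3020 is never classified as telnet and the flow falls to class-default; with `permit any` it is.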
