1812 firewall

Unanswered Question
Jun 16th, 2008

Below is part of my config file of router 1812. With this implementation I only have problem with sending e-mails.

What is wrong? How can I exclude inspection of smtp?

---

class-map type inspect match-all sdm-cls--3

match access-group name Public

class-map type inspect match-any sdm-cls--2

match access-group name Internet

class-map type inspect match-all sdm-cls--1

match access-group name LAN

class-map type inspect match-all sdm-cls--5

match access-group name pristup

class-map type inspect match-all sdm-cls--4

match access-group name VPN

!

!

policy-map type inspect sdm-policy-sdm-cls--1

class type inspect sdm-cls--1

inspect

class class-default

policy-map type inspect sdm-policy-sdm-cls--3

class type inspect sdm-cls--3

inspect

class class-default

policy-map type inspect sdm-policy-sdm-cls--2

class type inspect sdm-cls--2

inspect

class class-default

pass

policy-map type inspect sdm-policy-sdm-cls--5

class type inspect sdm-cls--5

inspect

policy-map type inspect sdm-policy-sdm-cls--4

class type inspect sdm-cls--4

inspect

class class-default

!

zone security visitors

zone security employee

zone security Internet

zone security VPN

zone-pair security sdm-zp-visitors-employee source visitors destination employee

service-policy type inspect sdm-policy-sdm-cls--1

zone-pair security sdm-zp-employee-Internet source employee destination Internet

service-policy type inspect sdm-policy-sdm-cls--2

zone-pair security sdm-zp-visitors-Internet source visitors destination Internet

service-policy type inspect sdm-policy-sdm-cls--3

zone-pair security sdm-zp-VPN-employee source VPN destination employee

service-policy type inspect sdm-policy-sdm-cls--4

zone-pair security sdm-zp-Internet-employee source Internet destination employee

service-policy type inspect sdm-policy-sdm-cls--5

----------------------

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
hadbou Mon, 06/23/2008 - 06:41

The Cisco 1800 integrated services routers support network traffic filtering by means of access lists. To apply a set of inspection rules to an interface, use the "ip inspect" command in interface configuration mode. There are two different modes for this command, configuration mode and interface configuration mode. To remove the set of rules from the interface, use the no form of this command.

Actions

This Discussion