1812 firewall

Unanswered Question
Jun 16th, 2008
User Badges:

Below is part of my config file of router 1812. With this implementation I only have problem with sending e-mails.

What is wrong? How can I exclude inspection of smtp?


class-map type inspect match-all sdm-cls--3

match access-group name Public

class-map type inspect match-any sdm-cls--2

match access-group name Internet

class-map type inspect match-all sdm-cls--1

match access-group name LAN

class-map type inspect match-all sdm-cls--5

match access-group name pristup

class-map type inspect match-all sdm-cls--4

match access-group name VPN



policy-map type inspect sdm-policy-sdm-cls--1

class type inspect sdm-cls--1


class class-default

policy-map type inspect sdm-policy-sdm-cls--3

class type inspect sdm-cls--3


class class-default

policy-map type inspect sdm-policy-sdm-cls--2

class type inspect sdm-cls--2


class class-default


policy-map type inspect sdm-policy-sdm-cls--5

class type inspect sdm-cls--5


policy-map type inspect sdm-policy-sdm-cls--4

class type inspect sdm-cls--4


class class-default


zone security visitors

zone security employee

zone security Internet

zone security VPN

zone-pair security sdm-zp-visitors-employee source visitors destination employee

service-policy type inspect sdm-policy-sdm-cls--1

zone-pair security sdm-zp-employee-Internet source employee destination Internet

service-policy type inspect sdm-policy-sdm-cls--2

zone-pair security sdm-zp-visitors-Internet source visitors destination Internet

service-policy type inspect sdm-policy-sdm-cls--3

zone-pair security sdm-zp-VPN-employee source VPN destination employee

service-policy type inspect sdm-policy-sdm-cls--4

zone-pair security sdm-zp-Internet-employee source Internet destination employee

service-policy type inspect sdm-policy-sdm-cls--5


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hadbou Mon, 06/23/2008 - 06:41
User Badges:
  • Bronze, 100 points or more

The Cisco 1800 integrated services routers support network traffic filtering by means of access lists. To apply a set of inspection rules to an interface, use the "ip inspect" command in interface configuration mode. There are two different modes for this command, configuration mode and interface configuration mode. To remove the set of rules from the interface, use the no form of this command.


This Discussion