06-16-2008 11:34 PM - edited 03-11-2019 06:00 AM
Below is part of my config file of router 1812. With this implementation I only have problem with sending e-mails.
What is wrong? How can I exclude inspection of smtp?
---
class-map type inspect match-all sdm-cls--3
match access-group name Public
class-map type inspect match-any sdm-cls--2
match access-group name Internet
class-map type inspect match-all sdm-cls--1
match access-group name LAN
class-map type inspect match-all sdm-cls--5
match access-group name pristup
class-map type inspect match-all sdm-cls--4
match access-group name VPN
!
!
policy-map type inspect sdm-policy-sdm-cls--1
class type inspect sdm-cls--1
inspect
class class-default
policy-map type inspect sdm-policy-sdm-cls--3
class type inspect sdm-cls--3
inspect
class class-default
policy-map type inspect sdm-policy-sdm-cls--2
class type inspect sdm-cls--2
inspect
class class-default
pass
policy-map type inspect sdm-policy-sdm-cls--5
class type inspect sdm-cls--5
inspect
policy-map type inspect sdm-policy-sdm-cls--4
class type inspect sdm-cls--4
inspect
class class-default
!
zone security visitors
zone security employee
zone security Internet
zone security VPN
zone-pair security sdm-zp-visitors-employee source visitors destination employee
service-policy type inspect sdm-policy-sdm-cls--1
zone-pair security sdm-zp-employee-Internet source employee destination Internet
service-policy type inspect sdm-policy-sdm-cls--2
zone-pair security sdm-zp-visitors-Internet source visitors destination Internet
service-policy type inspect sdm-policy-sdm-cls--3
zone-pair security sdm-zp-VPN-employee source VPN destination employee
service-policy type inspect sdm-policy-sdm-cls--4
zone-pair security sdm-zp-Internet-employee source Internet destination employee
service-policy type inspect sdm-policy-sdm-cls--5
----------------------
06-23-2008 06:41 AM
The Cisco 1800 integrated services routers support network traffic filtering by means of access lists. To apply a set of inspection rules to an interface, use the "ip inspect" command in interface configuration mode. There are two different modes for this command, configuration mode and interface configuration mode. To remove the set of rules from the interface, use the no form of this command.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide