Tried to activate Firewall in ISR but blocks allowed services

Unanswered Question

Hi,


I need your advice. I tried to enable the firewall on the ISR using zone security, but whenever I apply it on the interface (in/out), some of the ports like 3389 etc. are blocked. I need to know if there is anything I need to configure to accept port 3389.


class-map type inspect match-all xxx
 match access-group xxx

class-map type inspect match-any inspect-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol http
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp

class-map type inspect match-all xxx
 match access-group name xxx

class-map type inspect match-all xxx
 match access-group xxx

class-map type inspect match-any out-self
 match access-group xxx

class-map type inspect match-any self-out
 match protocol icmp
 match protocol tcp
 match protocol udp

policy-map type inspect in-out
 class type inspect xxx
  pass
 class type inspect inspect-traffic
  inspect
 class class-default

policy-map type inspect xxx
 class type inspect xxx
  pass
 class class-default
  drop

policy-map type inspect self-out
 class type inspect self-out
  inspect
 class class-default
  pass

policy-map type inspect out-self
 class type inspect xxx
  pass
 class type inspect out-self
  inspect
 class class-default

zone security out-zone

zone security in-zone

zone-pair security self-out source self destination out-zone
 service-policy type inspect self-out

zone-pair security out-self source out-zone destination self
 service-policy type inspect out-self

zone-pair security in-out source in-zone destination out-zone
 service-policy type inspect in-out

zone-pair security vpn-inside source out-zone destination in-zone
 service-policy type inspect vpn-inside

smahbub Tue, 10/21/2008 - 08:08

Configure an access list to open port 3389 and apply the access list on the interface where you have configured the zone-based firewall, which will prevent the port from being blocked.
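With zone-based firewall, traffic between two zones is permitted or dropped by the policy map attached to the zone-pair, so an access list for port 3389 can be matched in a class map the same way the configuration in the question already does with `match access-group`. The fragment below is an added example, not part of the original posts; it assumes the RDP traffic arrives from out-zone for a host in in-zone, and the names RDP-IN and RDP-CLASS and both addresses are constructed placeholders.

```cisco
! Constructed example: ACL/class names and addresses are placeholders.
! Limit the source to the networks that actually need RDP instead of "any".
ip access-list extended RDP-IN
 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 3389
!
! match-all: the flow must be TCP and must be permitted by the ACL.
class-map type inspect match-all RDP-CLASS
 match access-group name RDP-IN
 match protocol tcp
!
! Add the class to the policy already bound to the out-zone -> in-zone pair.
! "inspect" creates state, so return traffic needs no separate rule.
policy-map type inspect vpn-inside
 class type inspect RDP-CLASS
  inspect
 class class-default
  drop
!
! Unchanged from the question: the zone-pair that carries this policy.
zone-pair security vpn-inside source out-zone destination in-zone
 service-policy type inspect vpn-inside
```

After applying it, `show policy-map type inspect zone-pair vpn-inside` shows per-class packet counters, which confirms whether the RDP flow is matching RDP-CLASS or falling through to class-default.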

