Hi,
I need your advice. tried to enable Firewall on the ISR using zone security but whenever i apply it on the interface (in/out)some of the ports like 3389 etc are blocked. Need to know if there is anything i need to configure to accept port 3389.
class-map type inspect match-all xxx
match access-group xxx
class-map type inspect match-any inspect-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol http
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all xxx
match access-group name xxx
class-map type inspect match-all xxx
match access-group xxx
class-map type inspect match-any out-self
match access-group xxx
class-map type inspect match-any self-out
match protocol icmp
match protocol tcp
match protocol udp
policy-map type inspect in-out
class type inspect xxx
pass
class type inspect inspect-traffic
inspect
class class-default
policy-map type inspect xxx
class type inspect xxx
pass
class class-default
drop
policy-map type inspect self-out
class type inspect self-out
inspect
class class-default
pass
policy-map type inspect out-self
class type inspect xxx
pass
class type inspect out-self
inspect
class class-default
zone security out-zone
zone security in-zone
zone-pair security self-out source self destination out-zone
service-policy type inspect self-out
zone-pair security out-self source out-zone destination self
service-policy type inspect out-self
zone-pair security in-out source in-zone destination out-zone
service-policy type inspect in-out
zone-pair security vpn-inside source out-zone destination in-zone
service-policy type inspect vpn-inside