Challenges Implementing Self Zone in ZBF

Unanswered Question
Oct 22nd, 2008

Trying to wrap my head around ZBF. I have it working to a point - except VPN connections can no longer be established once I implement the zone-pairs. I thought it might be the Access-List, so I added additional statements for VPN.

Using IPSec and WebSSL

What I put in is below:

ip access-list extended Outside_Self
 permit icmp any any echo
 permit ah any any
 permit esp any any
 permit gre any any
 permit udp any eq isakmp any
 permit udp any eq non500-isakmp any

ip access-list extended Management-Protocols
 permit tcp any any eq 22
 permit tcp any any eq 443
 permit icmp any any echo

class-map type inspect match-any Out_Self
 match access-group name Outside_Self

class-map type inspect match-any Router-Management
 match access-group name Management-Protocols

policy-map type inspect Inside-To-Router
 class type inspect Router-Management
 class class-default

policy-map type inspect Router-To-Inside
 class class-default

policy-map type inspect Outside-Router
 class type inspect Out_Self
 class class-default
  drop log

zone-pair security Outside-To-Router source outside destination self
zone-pair security Inside-To-Router source inside destination self
zone-pair security Router-To-Inside source self destination inside
