I have a problem with the zone-based firewall on a Cisco 2821 router. This pretty new feature doesn't work for me. On the router I have one internal gigabit0/1 interface, which is in zone "IN" (in the private network), a gigabit0/0 interface in zone "OUT" (in the Internet), and one VTI in zone "IN" (to be able to communicate with g0/1 without any problem; it carries OSPF over VPN). I have the following zone-pairs created:
zone-pair security sdm-zp-self-out source self destination out-zone
zone-pair security sdm-zp-out-self source out-zone destination self
zone-pair security sdm-zp-in-out source in-zone destination out-zone
The VPN is passing traffic, because the routing table is updated and I see all routes coming from the other site of the VPN. The problem is that I cannot pass IP/TCP/UDP traffic beyond the routers (in the private networks) on both sides. Maybe I missed a zone-pair? Please help. The problem is a bit urgent for me and any help will be highly appreciated.