zone based firewall: select multiple zones as source zones

Feb 24th, 2009


I have 4 security zones defined on my 2611XM - 12.4.15T8 router. The customer defined its security policy as a destination policy to all 4 zones, e.g.

from 10 hosts/networks to zone1

from 20 hosts/networks to zone2, etc,

where the hosts/networks are located on all different zones.

Unfortunately, in my zone-pair definition I cannot select multiple zones as source zone. This would reduce my zone pair definition from 12 to 4. Does anyone know any alternative to this?

thx Karien

sadsiddi Tue, 02/24/2009 - 03:47

Does your customer have 12 different policies? As of now the number of zone-pairs cannot be less than the number of policies. Are you trying to say defining multiple zone-pairs using one zone-pair command and attaching multiple policies to that for each zone-pair? Pardon me if I don't understand your problem.

kdepijper Tue, 02/24/2009 - 05:14

I have only 4 policies, defined on destination zone level.

Problem is that I cannot select more than 1 source zone in a policy.


Policy_1 defines from host_in_zone2, host_in_zone3, ... to zone 1 allow.

Policy_2 defines from host_in_zone1, host_in_zone3,... to zone 2 allow.

Any idea?

thanks Karien

kdepijper Wed, 03/04/2009 - 02:32


Solution is to create 12 zone pairs, but administration is restricted because I have only 4 policies (Policy maps)
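
The 12-zone-pair layout from the post above, as an added example that is not part of the original thread: a small generator that expands 4 zones into every ordered zone pair and attaches the policy map of the destination zone, so each of the 4 policy maps is reused on 3 zone pairs. The zone names, the pair naming scheme, and the names `Policy_3` and `Policy_4` are assumptions that follow the pattern used in the thread.

```python
from itertools import permutations

# Assumed names: the thread mentions zone 1/zone 2 and Policy_1/Policy_2;
# the remaining names follow the same pattern.
ZONES = ["zone1", "zone2", "zone3", "zone4"]
POLICY_BY_DEST = {
    "zone1": "Policy_1",
    "zone2": "Policy_2",
    "zone3": "Policy_3",
    "zone4": "Policy_4",
}


def build_zone_pairs(zones, policy_by_dest):
    """Return (pair_name, source, destination, policy_map) for every ordered pair.

    A zone pair takes exactly one source and one destination zone, so N zones
    need N * (N - 1) pairs. The policy map is chosen by destination zone only.
    """
    if len(set(zones)) != len(zones):
        raise ValueError("duplicate zone name")
    missing = [z for z in zones if z not in policy_by_dest]
    if missing:
        raise ValueError(f"no policy map for destination zone(s): {missing}")
    return [
        (f"{src}-to-{dst}", src, dst, policy_by_dest[dst])
        for src, dst in permutations(zones, 2)
    ]


def render_ios(pairs):
    """Render the pairs as IOS zone-based firewall configuration lines."""
    lines = []
    for name, src, dst, policy in pairs:
        lines.append(f"zone-pair security {name} source {src} destination {dst}")
        lines.append(f" service-policy type inspect {policy}")
        lines.append("!")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_ios(build_zone_pairs(ZONES, POLICY_BY_DEST)))
```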


Alex Yeung Thu, 03/05/2009 - 00:31
Cisco Employee

Can you create 12 policies?

Alex Yeung

