Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
229
Views
0
Helpful
1
Replies

Zone FW working but not matching protocol Class Map

HEATH FREEL
Level 1
Level 1

‎02-27-2009 08:54 AM - edited ‎03-11-2019 07:58 AM

My configuration is simple and testing has gone well.... I started off with a Class map that only matched on an access list. After successful testing I added a subordinate class map for protocol matching. If appears to be working but the statistics do not show what I expect.

In the attachment you will see the configuration and the output of the "show policy-map type inspect zone-pair inout session" command.

Although it is working I expected to see hits against the protocols I am inspecting. In this case a ping to an outside server should have hits against the ICMP protocol. Same thing it I do an HTTP session - it works but no hits. In reading through the documentation I have configured it correctly, but am I missing something.

BTW - 881 Version 12.4.20T1

Thanks,

Heath

Labels:
Preview file
3 KB
0 Helpful
1 Reply 1

mchin345
Level 6
Level 6

‎03-05-2009 02:23 PM

Monitor firewall inspection statistics with the show policy-map type inspect zone-pair commands. This commands helps you to identify the problem.

Here is the link to configure.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml#cg1

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card