From the documents Cisco guys wrote on new concept of the IOS firewall ZFW I assume nothing has changed in regards to ACLs and the way of applying them to the interfaces.
I am actually migrating from CBAC to ZFW and found out that if I keep my existing ACL on the outside interface I don't get the new ZFW config to work properly but as soon as I remove the ACL from the outside interface all works great. What does it mean? Do we need to now apply the ACLs through class-map statements and just add a new security zone-pair for the traffic coming in from outside?
Thanks in advance for any suggestions.