New Member

allowing only http from zone1 to zone2

Hi

I'm still new to firewalls and zone-based firewalls, using Packet Tracer (version 5.3.0.0088).

I need to allow ONLY the HTTP protocol between zone1 and zone2. Below is the code I'm using on the router

(zones are initialized properly on the interfaces)

config t
class-map type inspect match-any cm1
 match protocol http
policy-map type inspect pm1
 class type inspect cm1
  inspect

As soon as I write inspect, the following message appears:

%No specific protocol configured in class cm1 for inspection. All protocols will be inspected

Please, if someone can help me.

N.B. Any protocol other than HTTP doesn't give the above message.

Thank you very much
6 REPLIES
Cisco Employee

Re: allowing only http from zone1 to zone2

I just tried it and I did not get that error.

What code are you running on the router? I tried it in 12.4(24)T3.

-KS

Cisco Employee

Re: allowing only http from zone1 to zone2

There were some issues with the syntax in earlier 12.4 versions.

As kusankar mentioned, in the latest versions your syntax will work OK.

The inspection you are trying to do is L4 and can also be done like this:

access-list 101 permit tcp any any eq 80
class-map type inspect match-any cm1
 match access-group 101

I hope it helps.

PK
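For context, an added example (not from any post in this thread) of a complete zone1-to-zone2 policy built around the `cm1`/`pm1` definitions discussed above. The interface names and the zone-pair name `zp-zone1-zone2` are assumptions; the explicit `class-default` drop only spells out the default action.

```cisco
! Added example: interface names and zp-zone1-zone2 are assumed, not from the thread.
zone security zone1
zone security zone2
!
interface FastEthernet0/0
 zone-member security zone1
!
interface FastEthernet0/1
 zone-member security zone2
!
! Match HTTP only. match-any is harmless with a single match statement.
class-map type inspect match-any cm1
 match protocol http
!
policy-map type inspect pm1
 ! Stateful inspection: return traffic for zone1-initiated HTTP sessions
 ! is permitted without a policy in the reverse direction.
 class type inspect cm1
  inspect
 ! Everything that is not HTTP is dropped (this is also the implicit default).
 class class-default
  drop
!
! The policy is unidirectional: zone1 is the source, zone2 the destination.
! With no zone2-to-zone1 zone-pair, sessions initiated from zone2 are dropped.
zone-pair security zp-zone1-zone2 source zone1 destination zone2
 service-policy type inspect pm1
!
! Verify from privileged EXEC after generating test traffic:
!   show policy-map type inspect zone-pair sessions
```

The ACL form above (`match access-group 101`) selects on TCP port 80 only, so any TCP traffic sent to port 80 matches the class, whether or not it is HTTP.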

New Member

Re: allowing only http from zone1 to zone2

Thank you guys for your reply.

Actually, the version of Packet Tracer I'm running is 12.4(15)T1

New Member

Re: allowing only http from zone1 to zone2

Hey guys

I'm applying the commands on Packet Tracer (the software). Is there a way to upgrade the IOS image on the router of the software?

Thanks

Cisco Employee

Re: allowing only http from zone1 to zone2

Hello Shukor!

This is Mike, I hope you are doing great. Yup, you can upgrade the IOS of the routers, but only with the ones that appear by default (this is from Packet Tracer 5).

Just drag and drop a Server-PT onto the topology, click on the Config tab and then TFTP, and you will be able to see the images that you are allowed to run.

Hope it helps.

Mike
New Member

Re: allowing only http from zone1 to zone2

Thanks Mike for your reply,

but the only IOS images I can find in the TFTP of the Server-PT are .T1,

so I want to know whether the T1 IOS version has a "bug" related to the code I wrote above (concerning the HTTP protocol)?

Thank you