Cisco Support Community

New Member

IOS zone-based firewall without protocol inspection

Hi, I defined about 20 zone-pairs between 10 zones/VLANs in a 2800 router.

Zone-based firewall runs very well, but I'd like to avoid specific protocol inspection (now it inspects every protocol) and to realize a simple L4 firewall, based on the class access-lists.

How to?

thanks

1 REPLY
New Member

Re: IOS zone-based firewall without protocol inspection

You can combine the match access-group filter with Layer 4 specific filters like "match protocol tcp/udp/icmp" for Layer 4 only inspection. For a non-transport protocol like GRE, you need to have a "match access-list" with pass action.

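The approach in the reply above, written out as an added configuration example that is not part of the original thread. Zone names, class-map, policy-map and ACL names, and all addresses are assumptions; the zones are assumed to be assigned to interfaces already.

```cisco
! Constructed example: every name and address below is an assumption.
! The ACLs say who may talk to whom.
ip access-list extended ACL-USERS-TO-SERVERS
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 443
 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.53 eq domain
 permit icmp 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255 echo
ip access-list extended ACL-GRE-OUT
 permit gre host 192.0.2.1 host 198.51.100.1
ip access-list extended ACL-GRE-BACK
 permit gre host 198.51.100.1 host 192.0.2.1
!
! Generic Layer 4 matching only: no application protocols are listed.
class-map type inspect match-any CM-L4
 match protocol tcp
 match protocol udp
 match protocol icmp
! The ACL AND the Layer 4 class must both match.
class-map type inspect match-all CM-USERS-TO-SERVERS
 match access-group name ACL-USERS-TO-SERVERS
 match class-map CM-L4
class-map type inspect match-all CM-GRE-OUT
 match access-group name ACL-GRE-OUT
class-map type inspect match-all CM-GRE-BACK
 match access-group name ACL-GRE-BACK
!
policy-map type inspect PM-USERS-TO-SERVERS
 class type inspect CM-USERS-TO-SERVERS
  inspect
 ! GRE has no session state to track, so it is passed, not inspected.
 class type inspect CM-GRE-OUT
  pass
 class class-default
  drop log
! "pass" is one-way: the return GRE packets need their own pass rule.
policy-map type inspect PM-SERVERS-TO-USERS
 class type inspect CM-GRE-BACK
  pass
 class class-default
  drop log
!
zone security USERS
zone security SERVERS
zone-pair security ZP-USERS-SERVERS source USERS destination SERVERS
 service-policy type inspect PM-USERS-TO-SERVERS
zone-pair security ZP-SERVERS-USERS source SERVERS destination USERS
 service-policy type inspect PM-SERVERS-TO-USERS
```

`show policy-map type inspect zone-pair ZP-USERS-SERVERS` shows per-class hit counters, which confirms that traffic lands in the Layer 4 class rather than in `class-default`.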