
New Member

2911 Router, CCP, NAT & Firewall Config Question

Cisco 2911 Router

CCP 2.5

Hi Guys,

Please bear with me.  I’m new to Cisco IOS.

I’m “attempting” to configure a 2911 Router utilizing Cisco Configuration Professional 2.5

Zone based Firewall Policy is configured.

Traffic is flowing out without a problem.

The only way I can get NAT policies such as ICMP, SMTP, RDP to work, is creating a Rule for New Traffic under Security, Firewall, Edit Firewall Policy, ccp-permit (out-zone to self).

When I configure ACLs via the ACL Editor, should I see the resulting rule under Firewall Policy?

Shouldn’t the ACL create the Firewall Policy?

Thanks!

Chip

3 REPLIES
Purple


Hi,

ZBF is using ACL to match traffic not for filtering like  so you'll have to create the rules under the firewall Policy.

But for static NAT to work from Outside to Inside you must have a service-policy applied for source outside and destination inside, not self, which is the zone for traffic coming to/originated from the router, not traffic traversing the router.

Regards.

Alain

Don't forget to rate helpful posts.
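
The zone-pair arrangement described in the reply above, as an added CLI example (not posted by either participant and not taken from the poster's running config). The zone names `out-zone` and `in-zone` come from the thread; the addresses and the ACL, class-map, policy-map and zone-pair names are assumptions.

```cisco
! Added example with assumed values: 192.168.1.10 is a constructed inside host,
! 203.0.113.10 a documentation-range public address; the ACL, class-map,
! policy-map and zone-pair names are hypothetical.
ip nat inside source static 192.168.1.10 203.0.113.10
!
! The ACL only classifies traffic for the firewall policy. On the
! outside-to-inside path NAT has already translated the destination, so match
! the inside (private) address.
ip access-list extended OUT-TO-IN-SERVICES
 permit tcp any host 192.168.1.10 eq smtp
 permit tcp any host 192.168.1.10 eq 3389
 permit icmp any host 192.168.1.10 echo
!
class-map type inspect match-all CM-OUT-TO-IN-SERVICES
 match access-group name OUT-TO-IN-SERVICES
!
policy-map type inspect PM-OUT-TO-IN
 class type inspect CM-OUT-TO-IN-SERVICES
  inspect
 ! Everything not explicitly classified is dropped and logged
 class class-default
  drop log
!
! Transit traffic to the NATed host belongs on out-zone -> in-zone,
! not on the self zone, which covers traffic to the router itself.
zone-pair security ZP-OUT-TO-IN source out-zone destination in-zone
 service-policy type inspect PM-OUT-TO-IN
```

`show policy-map type inspect zone-pair ZP-OUT-TO-IN` shows per-class hit counters, which confirms whether inbound sessions are matching this policy rather than a rule on the self zone.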
New Member


Hi Alan,

Thanks for the information and taking the time.

Is it possible to add an ACL Service Object Group to the Firewall Policy, out-zone to in-zone, Rule for new traffic? (I didn't see this as an option in the drop-down.) Or does each service need a separate policy?

Thank you!

Chip

Purple


Hi,

I've never implemented ZBF with a GUI but if you tell me what you want and post the running config, I can tell you the CLI commands to do it.

Regards.

Alain

Don't forget to rate helpful posts.