
2911 Router, CCP, NAT & Firewall Config Question

sandersc
Level 1

Cisco 2911 Router

CCP 2.5

Hi Guys,

Please bear with me.  I’m new to Cisco IOS.

I’m “attempting” to configure a 2911 Router utilizing Cisco Configuration Professional 2.5

Zone based Firewall Policy is configured.

Traffic is flowing out without a problem.

The only way I can get NAT policies such as ICMP, SMTP, RDP to work, is creating a Rule for New Traffic under Security, Firewall, Edit Firewall Policy, ccp-permit (out-zone to self).

When I configure ACLs via the ACL Editor, should I see the resulting rule under Firewall Policy?

Shouldn’t the ACL create the Firewall Policy?

Thanks!

Chip

3 Replies

cadet alain
VIP Alumni

Hi,

ZBF is using ACL to match traffic not for filtering like  so you'll have to create the rules under the firewall Policy.

But for static NAT to work from Outside to Inside you must have a service-policy applied for source outside and destination inside, not self, which is the zone for traffic coming to/originated from the router, not traffic traversing the router.

Regards.

Alain

Don't forget to rate helpful posts.
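
The following IOS configuration is an added example, not part of the thread or of either poster's configuration. It sketches the out-zone to in-zone policy described in the reply above, where the ACL only classifies traffic for a class-map. The addresses and the ACL, class-map, policy-map and zone-pair names are constructed; in-zone and out-zone are the zone names mentioned in the thread and are assumed to exist already with interfaces assigned.

```cisco
! Constructed values: 192.168.1.10 (inside server), 203.0.113.10 (public
! address), and the names ACL-OUT-IN, CM-OUT-IN, PM-OUT-IN, ZP-OUT-IN.
!
! Static NAT for the inside server
ip nat inside source static 192.168.1.10 203.0.113.10
!
! The ACL is not applied to an interface; it only selects traffic for the
! class-map. On the out-zone -> in-zone pair the firewall evaluates the
! packet after the destination has been translated, so the ACL matches the
! inside (private) address. Narrow "any" to known source ranges where
! possible, especially for RDP.
ip access-list extended ACL-OUT-IN
 permit icmp any host 192.168.1.10 echo
 permit tcp any host 192.168.1.10 eq smtp
 permit tcp any host 192.168.1.10 eq 3389
!
class-map type inspect match-all CM-OUT-IN
 match access-group name ACL-OUT-IN
!
! Inspect the matched services; drop and log everything else inbound
policy-map type inspect PM-OUT-IN
 class type inspect CM-OUT-IN
  inspect
 class class-default
  drop log
!
! Transit traffic is governed by this pair, not by out-zone -> self
zone-pair security ZP-OUT-IN source out-zone destination in-zone
 service-policy type inspect PM-OUT-IN
```

`show policy-map type inspect zone-pair ZP-OUT-IN` displays per-class counters, which shows whether inbound traffic is matching CM-OUT-IN or falling through to class-default.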

Hi Alan,

Thanks for the information and taking the time.

Is it possible to add an ACL Service Object Group to the Firewall Policy, out-zone to in-zone, Rule for new traffic? (didn't see this as an option in drop down). Or does each service need a separate policy?

Thank you!

Chip

Hi,

I've never implemented ZBF with a GUI but if you tell me what you want and post the running config, I can tell you the CLI commands to do it.

Regards.

Alain

Don't forget to rate helpful posts.