Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
377
Views
0
Helpful
1
Replies

Multible zone IOS firewal (ZBF)

kashman37
Level 1
Level 1

‎03-20-2012 04:25 AM - edited ‎03-04-2019 03:43 PM

Hi guys,

I am migrating CBAC IOS FW to IOS Zone based Firewall and i have some question. My scenario has one interface for my LAN and multiple, more than 100 GRE tunnel interfaces for my branches. For CBAC if i wanted to do inspection for a particular interface i could specify my Inspection and then apply the inspection to the specific interface. The traffic direction is from each tunnel towards the inside interface and from the inside interface towards the tunnel. i want to accomplish the same thing with zone based firewall. If i assign the inside interface to a zone in order to form a zone pair with the tunnel i want inspection on, i will have to create a zone pair for each of the tunnel i have so that  traffic can flow from tunnel to inside and then do another pair from inside to tunnel. so i will end up doing at least 100 zone pairs for traffic flowing from inside to tunnel and 100 zone pairs for traffic flowing from tunnel to inside and that is because i want to enable ftp inspection for only one tunnel to inside flow. is this correct? is there another way to accomplish this  without so much hassle?

I hope i made my self clear to you.

Please note that i cannot use CBAC since my router don't support it.

Any answer will be appreciated.

Labels:
0 Helpful
1 Reply 1

Nandan Mathure
Level 1
Level 1

‎03-23-2012 09:43 AM

@kashman37

This is interesting scenario and requires lot of traffic matching and typing. Never thought about this one. I am trying to configure with all the options but the only way could find is the way you mentioned. But I will check more on this. Please share if you have the solution already.

Thanks.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card