I am migrating CBAC IOS FW to IOS Zone based Firewall and I have some questions. My scenario has one interface for my LAN and multiple, more than 100, GRE tunnel interfaces for my branches. For CBAC, if I wanted to do inspection for a particular interface, I could specify my inspection and then apply the inspection to the specific interface. The traffic direction is from each tunnel towards the inside interface and from the inside interface towards the tunnel. I want to accomplish the same thing with zone based firewall. If I assign the inside interface to a zone in order to form a zone pair with the tunnel I want inspection on, I will have to create a zone pair for each of the tunnels I have so that traffic can flow from tunnel to inside, and then do another pair from inside to tunnel. So I will end up doing at least 100 zone pairs for traffic flowing from inside to tunnel and 100 zone pairs for traffic flowing from tunnel to inside, and that is because I want to enable FTP inspection for only one tunnel to inside flow. Is this correct? Is there another way to accomplish this without so much hassle?
I hope I made myself clear to you.
Please note that I cannot use CBAC since my router doesn't support it.
This is an interesting scenario and requires a lot of traffic matching and typing. Never thought about this one. I am trying to configure with all the options, but the only way I could find is the way you mentioned. But I will check more on this. Please share if you have the solution already.
This is actually a pretty cool feature. I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisement does.
I have a question: I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.