https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606955#M590962 <HTML><HEAD></HEAD><BODY><P>Some more information, We have 2 vlans configured on the router.</P><P> Vlan 1 for the seperate users traffic and Vlan 2 for the management traffic we use for the vpn.</P><P></P><P>&nbsp; Vlan 1 is currently the inside zone for the security and dialer 0 is the outside, I have attached a copy of the currnt content filtering configuration</P></BODY></HTML> Wed, 23 Feb 2011 14:26:23 GMT steve-gates 2011-02-23T14:26:23Z https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606952#M590959 <P>Morning</P><P></P><P>&nbsp; I currently have a Cisco 887 running Trend filtering which is all running fine and blocking url's etc. I also have a Cisco 2960 and 3 x AP's running behind the 887. I have a VPN running on the 887 to enable us to connect remotely to the devices.</P><P></P><P> My problem is with the zone security outside not enabled on the dialer interface I can telnet,ping,ftp etc fine to the devices. As soon as I enable the zone security my ability to do any of this stops. Any ideas as to what else i need to configure would be appreciated..</P><P></P><P>&nbsp; Cheers</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp; Steve</P> Mon, 11 Mar 2019 19:55:14 GMT https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606952#M590959 steve-gates 2019-03-11T19:55:14Z https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606953#M590960 <HTML><HEAD></HEAD><BODY><P>Yes, once you applied a zone to an interface, you will have to explicitly configure rules to allow access to those devices.</P><P></P><P>As you are connecting to the VPN first, I assume you have a VPN zone configured? If you do, then you will need to configure zone-pair between the VPN zone towards the inside zone, and the class map will match the traffic that you would like to allow, ie: FTP, telnet, ping,etc, with a policy-map set to "inspect".</P><P></P><P>Here is a sample configuration on ZBFW:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd8062a909.html">http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd8062a909.html</A></P><P></P><P>Hope that helps.</P></BODY></HTML> Wed, 23 Feb 2011 11:45:32 GMT https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606953#M590960 Jennifer Halim 2011-02-23T11:45:32Z https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606954#M590961 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>&nbsp; Thanks for the reply. I don't have anything like a VPN Zone configured, can't seem to cut and paste my config onto here either..</P></BODY></HTML> Wed, 23 Feb 2011 12:48:48 GMT https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606954#M590961 steve-gates 2011-02-23T12:48:48Z https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606955#M590962 <HTML><HEAD></HEAD><BODY><P>Some more information, We have 2 vlans configured on the router.</P><P> Vlan 1 for the seperate users traffic and Vlan 2 for the management traffic we use for the vpn.</P><P></P><P>&nbsp; Vlan 1 is currently the inside zone for the security and dialer 0 is the outside, I have attached a copy of the currnt content filtering configuration</P></BODY></HTML> Wed, 23 Feb 2011 14:26:23 GMT https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606955#M590962 steve-gates 2011-02-23T14:26:23Z https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606956#M590964 <HTML><HEAD></HEAD><BODY><P>1) You will need to create an access-list that says permit from VPN Client pool subnet to internal subnets</P><P></P><P>2) Create a class-map to match the access-list above</P><P></P><P>3) Create a policy-map for the above class with the action as inspect</P><P></P><P>4) Apply the policy-map to zone-pair:</P><P>zone-pair security out-to-in source outside destination inside</P><P>&nbsp;&nbsp;&nbsp;&nbsp; <SPAN class="content">service-policy type inspect <NAME-OF-THE-POLICY-MAP-CREATED-AT-STEP3><BR /></NAME-OF-THE-POLICY-MAP-CREATED-AT-STEP3></SPAN></P></BODY></HTML> Thu, 24 Feb 2011 10:58:39 GMT https://community.cisco.com/t5/network-security/trend-content-filtering/m-p/1606956#M590964 Jennifer Halim 2011-02-24T10:58:39Z