https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521214#M601025 <HTML><HEAD></HEAD><BODY><P>thanks Mike for your reply</P><P></P><P>but the only IOS images I can find in the TFTP of the server-PT are .T1</P><P></P><P>so I want to know whether the T1 IOS version has a "bug" related to the code I wrote above (concerning the http protocol) ???</P><P></P><P></P><P>thank you</P></BODY></HTML> Wed, 20 Oct 2010 07:36:39 GMT ibtissamshukor 2010-10-20T07:36:39Z https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521208#M601019 <P>hi</P><P>I'm still new to firewall &amp; zone-base firewall using packet tracer (version 5.3.0.0088)</P><P></P><P>I need to allow ONLY http protocol between zone1 &amp; zone2, below is the code I'm using on the router</P><P>(zones are initialized properly on the interfaces)</P><P></P><P>config t</P><P>class-map type inspect match-any cm1</P><P>match protocol http</P><P></P><P>policy-map type inspect pm1</P><P>class type inspect cm1</P><P>inspect</P><P></P><P>as soon as I write inpect the following message appears:</P><P></P><P><EM>%No specific protocol configured in class cm1 for inspection. All protocols will be inspected</EM></P><P></P><P>please if some-one can help me</P><P></P><P>N.B. any protocol other than the http doesn't give the above message</P><P></P><P></P><P>thank you very much</P> Mon, 11 Mar 2019 18:54:38 GMT https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521208#M601019 ibtissamshukor 2019-03-11T18:54:38Z https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521209#M601020 <HTML><HEAD></HEAD><BODY><P>I just tried it and I did not get that error.</P><P>What code are you running on the router? I tried it in 12.4(24)T3.</P><P></P><P>-KS</P></BODY></HTML> Fri, 15 Oct 2010 12:31:19 GMT https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521209#M601020 Kureli Sankar 2010-10-15T12:31:19Z https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521210#M601021 <HTML><HEAD></HEAD><BODY><P>There were some issues with the syntax in earlier 12.4 version.</P><P>As kusankar mentioned in latest versions your syntax will work ok.</P><P></P><P>The inspection you are trying to do is L4 and can also be done like this</P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>access-list 101 permit tcp any any eq 80 </P><P></P><P>class-map type inspect match-any cm1</P><P>&nbsp; match access-group 101</P><P></P></PRE><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Fri, 15 Oct 2010 14:58:24 GMT https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521210#M601021 Panos Kampanakis 2010-10-15T14:58:24Z https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521211#M601022 <HTML><HEAD></HEAD><BODY><P>thank you guys for your reply</P><P></P><P>actually the version of packet tracer I'm running is 12.4(15)T1</P></BODY></HTML> Sat, 16 Oct 2010 07:39:47 GMT https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521211#M601022 ibtissamshukor 2010-10-16T07:39:47Z https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521212#M601023 <HTML><HEAD></HEAD><BODY><P>hey guys</P><P></P><P>I'm using applying the commands on packet tracer (the software), is there a way to upgrade the IOS image on the router of the software???</P><P></P><P>thanks</P></BODY></HTML> Mon, 18 Oct 2010 10:09:49 GMT https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521212#M601023 ibtissamshukor 2010-10-18T10:09:49Z https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521213#M601024 <HTML><HEAD></HEAD><BODY><P>Hello Shukor!</P><P></P><P>This is Mike, I hope you are doing great. Yup, you can do upgrade to the IOS of the routers, but only with the ones that appear as per default (This is from packet tracer 5)</P><P></P><P>Just drag/drop a Server PT on the topology, click on the tab config and then TFTP, you will be able to see the images that you are allow to run.</P><P></P><P>Hope it helps.</P><P></P><P>Mike</P></BODY></HTML> Mon, 18 Oct 2010 21:05:21 GMT https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521213#M601024 Maykol Rojas 2010-10-18T21:05:21Z https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521214#M601025 <HTML><HEAD></HEAD><BODY><P>thanks Mike for your reply</P><P></P><P>but the only IOS images I can find in the TFTP of the server-PT are .T1</P><P></P><P>so I want to know whether the T1 IOS version has a "bug" related to the code I wrote above (concerning the http protocol) ???</P><P></P><P></P><P>thank you</P></BODY></HTML> Wed, 20 Oct 2010 07:36:39 GMT https://community.cisco.com/t5/network-security/allowing-only-http-from-zone1-to-zone2/m-p/1521214#M601025 ibtissamshukor 2010-10-20T07:36:39Z