ZBF problem

RacsfogV — Fri, 21 Feb 2020 15:51:18 GMT

Hi All!

I'm new here, hope my question will be in the right place, anyway here is the thing:

You can see my topology below. I have to configure ospf in domain east, end eigrp on west, (I know it is the other way around on the picture, but just ignore it)

Im able to ping everything before I'm appling ZBF in the area of public WAN, but when applying the configuration on R1, ping is not working, and I do not know where the problem is. Please help to find it.

Here is the configuration of zbf:

conf t
zone security LAN
zone security WAN
exit
class-map type inspect match-any LAN_PROTOCOLS
match access-group 110
exit
ip access-list extended 110
permit tcp any any
permit udp any any
permit icmp any any
policy-map type inspect LAN_TO_WAN
class type inspect LAN_PROTOCOLS
inspect
exit
zone-pair security IN_TO_OUT_ZONE source LAN destination WAN
service-policy type inspect LAN_TO_WAN
exit
int g0/1
zone-member security LAN
int g0/0
zone-member security WAN
do wr

Re: ZBF problem

Rob Ingram — Thu, 07 Jun 2018 15:32:13 GMT

Hi,

R1 is the router configured with ZBFW? It's in the yellow circle and you are pinging from a device in the LAN, which is in the blue circle to a device in the WAN in the red circle?

In your ZBFW configuration you've defined Gi0/1 as LAN and Gi0/0 as WAN, but in the diagram if the LAN is in the blue circle the interfaces are Serial 0/0/0 and 0/1/0 and the WAN is Gi0/1 (not LAN as per config). You may just need to apply the correct zone-member to the correct interface.

Please clarify your configuration so we can troubleshoot further.

topic ZBF problem in Network Security

ZBF problem

Re: ZBF problem