Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1174
Views
0
Helpful
6
Replies

allowing only http from zone1 to zone2

ibtissamshukor
Level 1
Level 1

‎10-15-2010 03:17 AM - edited ‎03-11-2019 11:54 AM

hi

I'm still new to firewall & zone-base firewall using packet tracer (version 5.3.0.0088)

I need to allow ONLY http protocol between zone1 & zone2, below is the code I'm using on the router

(zones are initialized properly on the interfaces)

config t

class-map type inspect match-any cm1

match protocol http

policy-map type inspect pm1

class type inspect cm1

inspect

as soon as I write inpect the following message appears:

%No specific protocol configured in class cm1 for inspection. All protocols will be inspected

please if some-one can help me

N.B. any protocol other than the http doesn't give the above message

thank you very much

Labels:
0 Helpful
6 Replies 6

Kureli Sankar
Cisco Employee
Cisco Employee

‎10-15-2010 05:31 AM

I just tried it and I did not get that error.

What code are you running on the router? I tried it in 12.4(24)T3.

-KS

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee

‎10-15-2010 07:58 AM

There were some issues with the syntax in earlier 12.4 version.

As kusankar mentioned in latest versions your syntax will work ok.

The inspection you are trying to do is L4 and can also be done like this

access-list 101 permit tcp any any eq 80 
class-map type inspect match-any cm1
  match access-group 101

I hope it helps.

PK

0 Helpful

ibtissamshukor
Level 1
Level 1
In response to Panos Kampanakis

‎10-16-2010 12:39 AM

thank you guys for your reply

actually the version of packet tracer I'm running is 12.4(15)T1

0 Helpful

ibtissamshukor
Level 1
Level 1
In response to ibtissamshukor

‎10-18-2010 03:09 AM

hey guys

I'm using applying the commands on packet tracer (the software), is there a way to upgrade the IOS image on the router of the software???

thanks

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to ibtissamshukor

‎10-18-2010 02:05 PM

Hello Shukor!

This is Mike, I hope you are doing great. Yup, you can do upgrade to the IOS of the routers, but only with the ones that appear as per default (This is from packet tracer 5)

Just drag/drop a Server PT on the topology, click on the tab config and then TFTP, you will be able to see the images that you are allow to run.

Hope it helps.

Mike

Mike
0 Helpful

ibtissamshukor
Level 1
Level 1
In response to Maykol Rojas

‎10-20-2010 12:36 AM

thanks Mike for your reply

but the only IOS images I can find in the TFTP of the server-PT are .T1

so I want to know whether the T1 IOS version has a "bug" related to the code I wrote above (concerning the http protocol) ???

thank you

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card