I have a 2801 that I am using ZBFW on and I am having an issue getting DHCP. My policies are very simple: inspect from insidezone to outside, and inspect on ports from outside to insidezone (for my port forwards). With no self-zone policies in place I can get DHCP and everything works, no problem. I am wondering if there is a way to implement some policies to drop inbound connections (stealth mode) without also blocking my DHCP.
Here are the security commands I am entering which enable the traffic drops but also block my DHCP:
I have assigned my outside interface to the OutsideZone as well. These are the only commands I enter that seem to cause my problem. I feel like I am just missing something. I went over all the zone-based firewall guides on the Cisco site that I could find, but I am sadly lost.
Thank you Jennifer, I will try this out when I get home. I am just somewhat confused: I can see adding the rule from outside -> self, but wouldn't the UDP inspect from self -> outside cover the outgoing?
I think I got it worked out by making some changes. I put the pass class-map for dhcp first and then put the inspect class-map in place. Still not sure why it wouldn't work with inspect udp, but I am happy enough to have it working.
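For readers landing on this thread, here is a worked IOS configuration of the pattern the poster ended up with: a self-zone policy in each direction that passes DHCP first and only then inspects or drops everything else. This is an added example, not the poster's configuration or Jennifer's reply; the zone, interface, ACL, class-map and policy-map names are assumptions. The reason plain `inspect udp` is not enough for a DHCP client on the router is that the DHCPDISCOVER leaves from 0.0.0.0:68 to 255.255.255.255:67 and the DHCPOFFER does not come back as the mirror of that flow, so it never matches the session the inspect created; `pass` in both zone-pairs avoids the stateful match entirely. Because classes in a `policy-map type inspect` are evaluated top-down with first match winning, the DHCP class has to sit above the generic inspect class, which is exactly the reordering the last post describes.

```cisco
! Added example (hypothetical names); not the original poster's config.
! DHCP client/server packets to and from the router itself.
ip access-list extended ACL-DHCP
 remark client -> server (DISCOVER/REQUEST) and server -> client (OFFER/ACK)
 permit udp any eq bootpc any eq bootps
 permit udp any eq bootps any eq bootpc
!
class-map type inspect match-all CM-DHCP
 match access-group name ACL-DHCP
!
! Everything else the router itself originates toward the WAN.
class-map type inspect match-any CM-SELF-ORIGINATED
 match protocol tcp
 match protocol udp
 match protocol icmp
!
! Inbound to the router: let DHCP through untracked, drop the rest ("stealth").
policy-map type inspect PM-OUT-TO-SELF
 class type inspect CM-DHCP
  pass
 class class-default
  drop log
!
! Outbound from the router: DHCP class MUST come before the inspect class.
policy-map type inspect PM-SELF-TO-OUT
 class type inspect CM-DHCP
  pass
 class type inspect CM-SELF-ORIGINATED
  inspect
 class class-default
  drop
!
zone security OutsideZone
!
zone-pair security ZP-OUT-SELF source OutsideZone destination self
 service-policy type inspect PM-OUT-TO-SELF
zone-pair security ZP-SELF-OUT source self destination OutsideZone
 service-policy type inspect PM-SELF-TO-OUT
!
interface FastEthernet0/0
 description WAN uplink, router is the DHCP client here
 ip address dhcp
 zone-member security OutsideZone
```

To confirm the ordering is doing what you expect, release and renew the lease (`release dhcp FastEthernet0/0` then `renew dhcp FastEthernet0/0`, or shut/no shut the interface) and check `show policy-map type inspect zone-pair ZP-SELF-OUT` and `... ZP-OUT-SELF`: the CM-DHCP class counters should increment on both zone-pairs, and `class-default` on ZP-OUT-SELF is where unsolicited inbound hits land. If the DHCP counters stay at zero while class-default climbs, the DHCP class is below the inspect class or the ACL ports are reversed.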