Hello,
I have configured a ZFW on a 2801 router and everything is working fine, apart from the tacacs policy. My configuration is as follows:
ip access-list extended TKSwitch-Tacacs
 permit tcp host x.x.x.x host y.y.y.y eq tacacs
 permit tcp host x.x.x.x host z.z.z.z eq tacacs
class-map type inspect match-all TK_Tacacs
 match protocol tacacs
 match access-group name TKSwitch-Tacacs
policy-map type inspect TK2Inside
 class type inspect TK_Tacacs
  inspect
When the "match protocol" command is used under the class map, tacacs authentication of the device x.x.x.x fails, with this message in the log:
000198: Aug 1 12:26:21.318: %FW-6-DROP_PKT: Dropping tcp session x.x.x.x:33306 y.y.y.y:49 due to Stray Segment with ip ident 0
If I omit the "match protocol", then the authentication works fine.
Any help will be highly appreciated.
Thanks!
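
Added example, not part of the original post: a small Python parser for the %FW-6-DROP_PKT message quoted above, useful for checking whether the drops are confined to the TACACS flows (destination port 49) and to a single reason before and after changing the class-map. The sample log is constructed, with documentation-range addresses standing in for the masked ones, and the function names are hypothetical.

```python
import re
from collections import Counter

# Format of the ZFW drop message exactly as quoted in the post.
DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\S+) session "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"due to (?P<reason>.+?) with ip ident (?P<ident>\d+)"
)

# Constructed sample log: the first line mirrors the post with the masked
# addresses replaced by documentation-range IPs; the rest are invented.
SAMPLE_LOG = [
    "000198: Aug 1 12:26:21.318: %FW-6-DROP_PKT: Dropping tcp session 192.0.2.10:33306 198.51.100.5:49 due to Stray Segment with ip ident 0",
    "000199: Aug 1 12:26:24.322: %FW-6-DROP_PKT: Dropping tcp session 192.0.2.10:33306 198.51.100.5:49 due to Stray Segment with ip ident 0",
    "000200: Aug 1 12:26:30.101: %FW-6-DROP_PKT: Dropping tcp session 192.0.2.10:33307 198.51.100.6:49 due to Stray Segment with ip ident 0",
    "000201: Aug 1 12:27:02.554: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

def parse_drop(line):
    """Return the fields of one %FW-6-DROP_PKT line, or None for other lines."""
    m = DROP_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    return d

def summarize(lines):
    """Count drops per (source, destination, destination port, reason)."""
    counts = Counter()
    for line in lines:
        d = parse_drop(line)
        if d:
            counts[(d["src"], d["dst"], d["dport"], d["reason"])] += 1
    return counts

def retried_sessions(lines):
    """Sessions (same 4-tuple) that were dropped more than once."""
    seen = Counter()
    for line in lines:
        d = parse_drop(line)
        if d:
            seen[(d["src"], d["sport"], d["dst"], d["dport"])] += 1
    return sorted(k for k, n in seen.items() if n > 1)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```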