10-10-2010 03:07 AM - edited 03-11-2019 11:52 AM
Hi,
I have been doing some ZBF configuration on a 2811 router with IOS version "advsecurityk9-mz.124-15.T10".
I configured a zone-pair from inside to outside with its policy-map and class-map (for the traffic that is initiated from inside);
the flow is 90% from inside to outside. I also configured a zone-pair from outside to inside for the other 10% of opposite traffic.
The problem is that some traffic is being stopped from inside to outside, and I am not able to track it or log it somehow.
My class-map is based on an access-list (a very long one). Since I cannot log a line in an access-list, for example "deny ip any any log" (not permitted),
I tried:
1- "show ip inspect session", but I cannot see any output (I read that it is for CBAC)
2- "show policy-map type inspect zone-pair", which displays some counters for established sessions
The question is, how can I see the sessions and what is being blocked?
...............................
class-map type inspect match-any c2
 match access-group name fromOut
class-map type inspect match-any c1
 match access-group name fromIn
!
policy-map type inspect fromIn
 class type inspect c1
  inspect
 class class-default
  drop log
policy-map type inspect fromout
 class type inspect c2
  inspect
 class class-default
  drop log
!
Thanks and Regards,
George
10-10-2010 04:53 AM
Hey George,
To view the sessions being created, use the command "show policy-map type inspect zone-pair NAME sessions". Replace NAME with the name of the corresponding zone-pair.
To enable logging of dropped packets by the zone-based firewall, use the command "ip inspect log drop-pkt". You should then be able to see syslogs of the dropped packets (along with details of the zone-pair and class-map being hit).
Hope this helps!!
Thanks and Regards,
Prapanch
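The two commands from the answer above, placed in a complete working configuration. This is an added example and not configuration from either poster: the zone names (inside, outside), zone-pair names (in-out, out-in), interface names and the short fromIn access-list are assumptions, while the class-map and policy-map names (c1, c2, fromIn, fromout) are the ones George posted. The "drop log" in class-default only produces syslog messages once the global "ip inspect log drop-pkt" is on and the logging destination accepts severity 6, which is the level of the %FW-6-DROP_PKT message.

```cisco
! Added example (not from the original thread). Assumed: zone, zone-pair and
! interface names and the fromIn ACL entries. George's class-map / policy-map
! names (c1, c2, fromIn, fromout) are kept as posted.
!
! 1. Make dropped-packet syslogs visible. %FW-6-DROP_PKT is severity 6
!    (informational), so the log buffer or syslog host must accept that level.
ip inspect log drop-pkt
logging buffered 64000 informational
! Optional syslog host (address is a documentation prefix, not a real host):
! logging host 192.0.2.10
! logging trap informational
!
! 2. Illustrative ACL behind class c1 (constructed; the real one is much longer).
!    Anything from inside that no permit line matches falls into class-default
!    of policy-map fromIn and is dropped and logged.
ip access-list extended fromIn
 permit tcp 10.1.1.0 0.0.0.255 any eq 80
 permit tcp 10.1.1.0 0.0.0.255 any eq 443
 permit udp 10.1.1.0 0.0.0.255 any eq 53
!
! 3. Zones and zone-pairs (assumed names) bound to the posted policy-maps.
zone security inside
zone security outside
zone-pair security in-out source inside destination outside
 service-policy type inspect fromIn
zone-pair security out-in source outside destination inside
 service-policy type inspect fromout
!
interface FastEthernet0/0
 description LAN (assumed)
 zone-member security inside
interface FastEthernet0/1
 description WAN (assumed)
 zone-member security outside
!
! 4. Checks, typed in exec mode:
! show policy-map type inspect zone-pair in-out sessions   -> open inspected sessions
! show policy-map type inspect zone-pair in-out            -> per-class packet and drop counters
! show ip access-lists fromIn                              -> which permit lines are matching
! show logging | include FW-6-DROP_PKT                     -> the logged drops
```

Each logged drop names the zone-pair and the class that dropped the packet. Because class-default is the only class in fromIn with a drop action, every drop logged on in-out is a flow the fromIn access-list does not permit, so comparing the logged destination address and port against the ACL shows which permit line is missing. On 15.x releases the global "ip inspect log drop-pkt" is replaced by "log dropped-packets enable" under "parameter-map type inspect global"; on the 12.4(15)T code in the question the global command is the right one.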
10-11-2010 02:17 PM
edited as the answer is above.