Hello,
I've remote vpn running on a 2801, now i decide to use ZBF to have some firewall feature on cisco router but, after deploy ZBF on my 2801 box i can connect but no traffic cross my internal lan.
Topology:
ZBF config.:
class-map type inspect match-any CHAP-1
match protocol tcp
match protocol icmp
match protocol udp
!
!
policy-map type inspect PMAP-1
class type inspect CHAP-1
inspect
police rate 8000 burst 1000
class class-default
!
zone security inside
zone security outside
zone-pair security inside-to-outside source inside destination outside
service-policy type inspect PMAP-1
*****************************************************************
interface FastEthernet0/0.32
description **** INSIDE INTERFACE ****
encapsulation dot1Q 32
ip address XX.XX.XX.XX XXX.XXX.XXX.XXX
ip access-group NON-MANAGEMENT-INSIDE_ETH in
ip nat inside
ip virtual-reassembly
zone-member security inside
no ip route-cache
interface FastEthernet0/1.10
description **** OUTSIDE INTERFACE ****
encapsulation dot1Q 110
ip address XX.XX.XXX.XX XXX.XXX.XXX.XXX
ip access-group ACL-INFRASTRUCTURE-IN in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security outside
no cdp enable
*************************************************************
ROUTES
ip route 0.0.0.0 0.0.0.0 64.30.XXX.XX
ip route 1X.1X.0.0 25X.25X.XXX.0 FastEthernet0/0.32
ip route 1X.1X.2X.0 25X.25X.XXX.0 FastEthernet0/0.32
ip route 1X.1X.1X.0 25X.25X.XXX.0 FastEthernet0/0.32
********************************************************
VPN ACL
ip access-list extended IT-VPN-ACL
permit ip 1X.1X.X0.0 0.0.X.255 17X.1X.2XX.0 0.0.0.255
permit ip 1Y.1Y.Y0.0 0.0.X.255 17X.1X.2XX.0 0.0.0.255
permit ip 1Z.1Z.Z.0 0.0.X.255 172.16.255.0 0.0.0.255
PLEASE HELP!!!
Accepted Solutions
