01-27-2011 01:34 PM - edited 03-11-2019 12:41 PM
Hi,
This weekend I will have an 881W, and I am new to the zone-based firewall concept. I'm really not sure how zones will deal with my EZVPN config on the router.
I have read some stuff that said you cannot configure a self zone with inspect to accept the VPN traffic; you need the "pass".
Here is my config for that zone. Can anyone tell me if I'm on the right track? Do you guys have any configuration example to share?
ip access-list extended ISAKMP
 permit udp any any eq isakmp
 permit ahp any any
 permit esp any any
 permit udp any any eq non500-isakmp
class-map type inspect match-any OUTSIDE-Self_ClassMAP
 match access-group name ISAKMP
policy-map type inspect OUTSIDE-Self_PlcyMAP
 class type inspect OUTSIDE-Self_ClassMAP
  pass
zone-pair security OUT->Self source OUTSIDE destination self
 service-policy type inspect OUTSIDE-Self_PlcyMAP
Thanks
01-27-2011 06:16 PM
Hi,
The following link will describe the basic configuration:
Regards,
Anisha
P.S.: please mark this thread as resolved if you feel your query is answered.
01-28-2011 07:00 AM
But I can't understand how VPN traffic (ESP, IPsec) will pass
through the firewall without any ACL to permit it.
They don't talk about that.