Hi All,

I am trying to replace an old 800 series router with a new ISR 900 series. I am trying to implement the class maps and policy maps. The syntax no longer has "type inspect" for class maps which is fine. However, for policy map, I cannot find the equivalent for the inspect command.

Old policy map is:

policy-map type inspect private-to-internet-pmap
  class type inspect all-private
    inspect
  class class-default
    drop

What is the equivalent to the above? It won't even allow drop for class-default

I have tried:

policy-map private-to-internet-pmap
  class all-private
    available commands are:
bandwidth Bandwidth
compression Activate Compression
drop Drop all packets
exit Exit from class action configuration mode
fair-queue Enable Flow-based Fair Queuing in this Class
flow Flow subcommands
log Log IPv4 and ARP packets
measure Measure
netflow-sampler NetFlow action
no Negate or set default values of a command
police Police
priority Strict Scheduling Priority for this Class
queue-limit Queue Max Threshold for Tail Drop
random-detect Enable Random Early Detection as drop policy
service-policy Configure QoS Service Policy
set Set QoS values
shape Traffic Shaping

EDIT:
There is no ability to add zones and zone pairs. All Cisco documentation on the ISR 900 series firewall configuration link to older documentation using older syntax. (https://www.cisco.com/c/en/us/td/docs/routers/access/900/software/configuration/guide/900SCG/Secconf1.html)

Edit: Turns out our router did not have the security package.

Cheers,

Vlad