Hi All,
I am trying to replace an old 800 series router with a new ISR 900 series. I am trying to implement the class maps and policy maps. The syntax no longer has "type inspect" for class maps which is fine. However, for policy map, I cannot find the equivalent for the inspect command.
Old policy map is:
policy-map type inspect private-to-internet-pmap
class type inspect all-private
inspect
class class-default
drop
What is the equivalent to the above? It won't even allow drop for class-default
I have tried:
policy-map private-to-internet-pmap
class all-private
available commands are:
bandwidth Bandwidth
compression Activate Compression
drop Drop all packets
exit Exit from class action configuration mode
fair-queue Enable Flow-based Fair Queuing in this Class
flow Flow subcommands
log Log IPv4 and ARP packets
measure Measure
netflow-sampler NetFlow action
no Negate or set default values of a command
police Police
priority Strict Scheduling Priority for this Class
queue-limit Queue Max Threshold for Tail Drop
random-detect Enable Random Early Detection as drop policy
service-policy Configure QoS Service Policy
set Set QoS values
shape Traffic Shaping
EDIT:
There is no ability to add zones and zone pairs. All Cisco documentation on the ISR 900 series firewall configuration link to older documentation using older syntax. (https://www.cisco.com/c/en/us/td/docs/routers/access/900/software/configuration/guide/900SCG/Secconf1.html)
Edit: Turns out our router did not have the security package.
Cheers,
Vlad