08-01-2021 12:46 PM - edited 08-01-2021 12:49 PM
I am working on a project in Packet Tracer, and I'm running into an issue where I am unable to edit the global policy of the 5506 firewalls I have configured.
When I issue the command "policy-map global_policy", it returns "ERROR: policy-map/policy-map of different type exists."
Is there any way to fix this? I have posted the config below
ASA Version 9.6(1)
!
hostname CambridgeFW
names
!
interface GigabitEthernet1/1
nameif OUTSIDE
security-level 0
ip address 10.1.1.1 255.255.255.0
duplex full
speed 1000
!
interface GigabitEthernet1/2
nameif INSIDE
security-level 100
ip address 192.168.129.2 255.255.255.0
duplex full
speed 1000
!
interface GigabitEthernet1/3
nameif DMZ
security-level 50
ip address 192.168.131.1 255.255.255.0
duplex full
speed 1000
!
interface GigabitEthernet1/4
nameif WIRELESS
security-level 25
ip address 192.168.132.2 255.255.255.0
duplex full
speed 1000
!
interface GigabitEthernet1/5
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/6
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/7
no nameif
no security-level
no ip address
shutdown
!
interface GigabitEthernet1/8
no nameif
no security-level
no ip address
shutdown
!
interface Management1/1
management-only
no nameif
no security-level
no ip address
shutdown
!
object network DMZ
subnet 192.168.131.0 255.255.255.0
object network INSIDE
subnet 192.168.128.0 255.255.255.0
object network WIRELESS
subnet 192.168.133.0 255.255.255.0
object network ftpserver
host 192.168.131.5
object network ftpserver-external-ip
host 10.10.10.10
!
!
access-list OUTSIDE extended permit icmp any any echo-reply
access-list OUTSIDE extended permit icmp any any unreachable
access-list OUTSIDE_acl extended permit icmp any any unreachable
access-list OUTSIDE_acl extended permit icmp any any echo-reply
access-list OUTSIDE_acl extended permit icmp any any echo
!
!
access-group OUTSIDE_acl in interface OUTSIDE
object network DMZ
nat (DMZ,OUTSIDE) dynamic interface
object network INSIDE
nat (INSIDE,OUTSIDE) dynamic interface
object network WIRELESS
nat (WIRELESS,OUTSIDE) dynamic interface
object network ftpserver
nat (DMZ,OUTSIDE) static 10.10.10.10
!
!
!
class-map inspection_default
match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect tftp
!
service-policy global_policy global
!
telnet timeout 5
ssh timeout 5
!
!
!
!
router rip
version 2
network 10.0.0.0
network 192.168.128.0
network 192.168.129.0
network 192.168.130.0
network 192.168.131.0
network 192.168.132.0
network 192.168.133.0
!