Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

5506-X in packet tracer can't configure global policy/policy map

samellington
Level 1
Level 1

‎08-01-2021 12:46 PM - edited ‎08-01-2021 12:49 PM

I am working on a project in Packet Tracer, and I'm running into an issue where I am unable to edit the global policy of the 5506 firewalls I have configured.

When I issue the command "policy-map global_policy", it returns "ERROR: policy-map/policy-map of different type exists."

Is there any way to fix this? I have posted the config below

 

ASA Version 9.6(1)

!

hostname CambridgeFW

names

!

interface GigabitEthernet1/1

nameif OUTSIDE

security-level 0

ip address 10.1.1.1 255.255.255.0

duplex full

speed 1000

!

interface GigabitEthernet1/2

nameif INSIDE

security-level 100

ip address 192.168.129.2 255.255.255.0

duplex full

speed 1000

!

interface GigabitEthernet1/3

nameif DMZ

security-level 50

ip address 192.168.131.1 255.255.255.0

duplex full

speed 1000

!

interface GigabitEthernet1/4

nameif WIRELESS

security-level 25

ip address 192.168.132.2 255.255.255.0

duplex full

speed 1000

!

interface GigabitEthernet1/5

no nameif

no security-level

no ip address

shutdown

!

interface GigabitEthernet1/6

no nameif

no security-level

no ip address

shutdown

!

interface GigabitEthernet1/7

no nameif

no security-level

no ip address

shutdown

!

interface GigabitEthernet1/8

no nameif

no security-level

no ip address

shutdown

!

interface Management1/1

management-only

no nameif

no security-level

no ip address

shutdown

!

object network DMZ

subnet 192.168.131.0 255.255.255.0

object network INSIDE

subnet 192.168.128.0 255.255.255.0

object network WIRELESS

subnet 192.168.133.0 255.255.255.0

object network ftpserver

host 192.168.131.5

object network ftpserver-external-ip

host 10.10.10.10

!

!

access-list OUTSIDE extended permit icmp any any echo-reply

access-list OUTSIDE extended permit icmp any any unreachable

access-list OUTSIDE_acl extended permit icmp any any unreachable

access-list OUTSIDE_acl extended permit icmp any any echo-reply

access-list OUTSIDE_acl extended permit icmp any any echo

!

!

access-group OUTSIDE_acl in interface OUTSIDE

object network DMZ

nat (DMZ,OUTSIDE) dynamic interface

object network INSIDE

nat (INSIDE,OUTSIDE) dynamic interface

object network WIRELESS

nat (WIRELESS,OUTSIDE) dynamic interface

object network ftpserver

nat (DMZ,OUTSIDE) static 10.10.10.10

!

!

!

class-map inspection_default

match default-inspection-traffic

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect tftp

!

service-policy global_policy global

!

telnet timeout 5

ssh timeout 5

!

!

!

!

router rip

version 2

network 10.0.0.0

network 192.168.128.0

network 192.168.129.0

network 192.168.130.0

network 192.168.131.0

network 192.168.132.0

network 192.168.133.0

!

 

 

3 people had this problem
Labels:
0 Helpful
Who Me Too'd this topic