Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
580
Views
0
Helpful
0
Replies

no traffic after basic firewall setup

wiselordferguson
Level 1
Level 1

‎12-03-2013 11:58 PM

My internet connection is working fine, I perform the Basic Firewall wizard and then my internet connection stops working.

Removing the the options form the Firewall Policy tab brings the internet back, but of course I have not firewall.

Here are the commands being delivered at the end of the firewall setup wizard:

access-list 100 remark CCP_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

class-map type inspect match-any ccp-h323annexe-inspect

match protocol h323-annexe

exit

class-map type inspect match-all ccp-invalid-src

match access-group 100

exit

class-map type inspect match-any ccp-h323nxg-inspect

match protocol h323-nxg

exit

class-map type inspect match-all ccp-protocol-http

match protocol http

exit

class-map type inspect match-any ccp-sip-inspect

match protocol sip

exit

class-map type inspect match-any ccp-cls-insp-traffic

match protocol dns

match protocol ftp

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp extended

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

exit

class-map type inspect match-any ccp-skinny-inspect

match protocol skinny

exit

class-map type inspect match-any ccp-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

exit

class-map type inspect match-all ccp-icmp-access

match class-map ccp-cls-icmp-access

exit

class-map type inspect match-any ccp-h225ras-inspect

match protocol h225ras

exit

class-map type inspect match-any ccp-h323-inspect

match protocol h323

exit

class-map type inspect match-all ccp-insp-traffic

match class-map ccp-cls-insp-traffic

exit

policy-map type inspect ccp-permit-icmpreply

class type inspect ccp-icmp-access

  no drop

  inspect

  exit

class class-default

  no drop

  pass

  exit

exit

policy-map type inspect ccp-permit

class class-default

exit

policy-map type inspect ccp-inspect

class type inspect ccp-invalid-src

  drop log

  exit

class type inspect ccp-protocol-http

  no drop

  inspect

  exit

class type inspect ccp-insp-traffic

  no drop

  inspect

  exit

class type inspect ccp-sip-inspect

  no drop

  inspect

  exit

class type inspect ccp-h323-inspect

  no drop

  inspect

  exit

class type inspect ccp-h323annexe-inspect

  no drop

  inspect

  exit

class type inspect ccp-h225ras-inspect

  no drop

  inspect

  exit

class type inspect ccp-h323nxg-inspect

  no drop

  inspect

  exit

class type inspect ccp-skinny-inspect

  no drop

  inspect

  exit

exit

zone security out-zone

zone security in-zone

zone-pair security ccp-zp-self-out source self destination out-zone

service-policy type inspect ccp-permit-icmpreply

exit

zone-pair security ccp-zp-in-out source in-zone destination out-zone

service-policy type inspect ccp-inspect

exit

zone-pair security ccp-zp-out-self source out-zone destination self

service-policy type inspect ccp-permit

exit

interface Vlan1

zone-member security in-zone

exit

interface Dialer1

zone-member security out-zone

exit

access-list 100 remark CCP_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

class-map type inspect match-any ccp-h323annexe-inspect

match protocol h323-annexe

exit

class-map type inspect match-all ccp-invalid-src

match access-group 100

exit

class-map type inspect match-any ccp-h323nxg-inspect

match protocol h323-nxg

exit

class-map type inspect match-all ccp-protocol-http

match protocol http

exit

class-map type inspect match-any ccp-sip-inspect

match protocol sip

exit

class-map type inspect match-any ccp-cls-insp-traffic

match protocol dns

match protocol ftp

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp extended

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

exit

class-map type inspect match-any ccp-skinny-inspect

match protocol skinny

exit

class-map type inspect match-any ccp-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

exit

class-map type inspect match-all ccp-icmp-access

match class-map ccp-cls-icmp-access

exit

class-map type inspect match-any ccp-h225ras-inspect

match protocol h225ras

exit

class-map type inspect match-any ccp-h323-inspect

match protocol h323

exit

class-map type inspect match-all ccp-insp-traffic

match class-map ccp-cls-insp-traffic

exit

policy-map type inspect ccp-permit-icmpreply

class type inspect ccp-icmp-access

  no drop

  inspect

  exit

class class-default

  no drop

  pass

  exit

exit

policy-map type inspect ccp-permit

class class-default

exit

policy-map type inspect ccp-inspect

class type inspect ccp-invalid-src

  drop log

  exit

class type inspect ccp-protocol-http

  no drop

  inspect

  exit

class type inspect ccp-insp-traffic

  no drop

  inspect

  exit

class type inspect ccp-sip-inspect

  no drop

  inspect

  exit

class type inspect ccp-h323-inspect

  no drop

  inspect

  exit

class type inspect ccp-h323annexe-inspect

  no drop

  inspect

  exit

class type inspect ccp-h225ras-inspect

  no drop

  inspect

  exit

class type inspect ccp-h323nxg-inspect

  no drop

  inspect

  exit

class type inspect ccp-skinny-inspect

  no drop

  inspect

  exit

exit

zone security out-zone

zone security in-zone

zone-pair security ccp-zp-self-out source self destination out-zone

service-policy type inspect ccp-permit-icmpreply

exit

zone-pair security ccp-zp-in-out source in-zone destination out-zone

service-policy type inspect ccp-inspect

exit

zone-pair security ccp-zp-out-self source out-zone destination self

service-policy type inspect ccp-permit

exit

interface Vlan1

zone-member security in-zone

exit

interface Dialer1

zone-member security out-zone

exit

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents