Hello,
Does anybody know how I can pass/allow just SCTP traffic between two different security zones?
zone security ZONE_OUTSIDE
zone security ZONE_INSIDE
I also have an extended ACL in which it is not possible to allow only the SCTP protocol.
I only get it to work if I allow IP traffic in the ACL (it is not feasible to allow all IP traffic for security reasons).
class-map type inspect match-any CMAP_PROTOCOLS_INSPECT_OUTSIDE_TO_IN
 match protocol sctp
ip access-list extended ACL_OUTSIDE_IN
 permit sctp ip_1 ip_2
 permit ip ip_1 ip_2 (This option is not secure)
P.S. We are trying with IOS XE 17.12.3a firmware but this does not work. Any workaround?