Hi All
I have set up a branch for IWAN. We are using Direct Internet Access on the branch router and I have enabled Zone-Based Firewall.
We seem to be running into an issue whereby some return traffic to the hub is being sent to the branch internet router rather than the MPLS router. The zone-based firewall is dropping the packet with the error below:
010057: Apr 30 13:58:17.188: %IOSXE-6-PLATFORM: SIP1: cpp_cp: QFP:0.0 Thread:000 TS:00000353502343871900 %FW-6-DROP_PKT: Dropping tcp pkt from Tunnel0 X.X.X.X:18192 => X.X.X.X:39262(target:class)-(none:none) due to Firewall invalid zone with ip ident 0 tcp flag 0x12, seq 3117846285, ack 2817640094
It appears that Tunnel 0 is being created by PFR but is not part of any zone.
How do I fix this?
cheers