Using CCP to create a service to be used in zone policy

Vishal.Seetal · ‎01-17-2012

Hi everyone,

I would like to solicit your help for configuring Cisco 2951 router using Cisco Configuration Professional. I have created a zone based firewall on the router and have created a zone policy for network traffic between two LANs or two zones. I need a create a rule for new traffic that should allow a custom user defined service to flow between the two zones associated with with two LANs. The problem is How do I created a custom service that I can use for the new traffic rule? I created a network service object as shown in the sreenshot below:

However, when I am adding the new rule, this service object does not appear in the user defined service in the protocols tree box as shown in the screenshot below:

What is the proper way to create a custom user defined service? I was not able to create it using Classmap by the way because again I did not find the service object group in the user defined service when creating a classmap:

Any help will be greatly appreciated.

Thanks.

Vishal

Vishal.Seetal · ‎01-17-2012

hmm.. It seems Cisco Configuration Professional is a new boy in town..Anybody ever worked with CCP?

Thanks.

Julio Carvajal · ‎07-24-2012

Hello,

It needs to be done over the NAC section on Port to Application Mappings.

In that area we create the user defined service.

Then we go to the firewall area and we add it that service just by looking on the user defined protocol over the matching criteria.

Hope this is clear, I did my best trying to look over CCP for this particular scenario.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC