Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1520
Views
10
Helpful
4
Replies

ZBF: Traffic passing from zone to zone

Go to solution
_rucisco_
Level 1
Level 1

‎09-21-2021 03:28 AM

Hi everyone,

 

I have a very simple setting in Packet Tracer to test what I learned from zone-based firewalls.

 

WAN <==>[Fa0/0] c2811 [Fa0/1]<==> LAN

 

I am using c2811 router, which is the only one in Packet Tracer 6.0.1 (the only version I have access to), because it is the only router I could find the zone-member command to assign an interface to a zone. Routers c2901 and c2911 don't have this command, or I couldn't find it (is it somewhere different from the interface menu?).

 

So my configuration is very simple:

 

zone security LAN
zone security WAN
zone-pair security LAN2WAN source LAN destination WAN
zone-pair security WAN2LAN source WAN destination LAN
!
interface FastEthernet0/0
  ip address 192.168.1.1 255.255.255.0
  zone-member security WAN
  duplex auto
  speed auto
!
interface FastEthernet0/1
  ip address 192.168.2.1 255.255.255.0
  zone-member security LAN
  duplex auto
  speed auto
!

From what I read in several sites (including Cisco's) after creating the zones, assigning interfaces to them and creating the zone pairs, all inter zone traffic should be block. However, I can ping from one PC in LAN to another PC in WAN.

 

What am I missing?

 

Thanks in advance!

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎09-26-2021 11:35 PM

Hello,

 

I am using the latest version (8), and your setup works as expected (all traffic between both hosts is blocked by the ZBF).

 

So in all likelihood the outdated version you are using is the culprit...

View solution in original post

4 Replies 4

Go to solution
Georg Pauwen
VIP
VIP

‎09-26-2021 11:35 PM

Hello,

 

I am using the latest version (8), and your setup works as expected (all traffic between both hosts is blocked by the ZBF).

 

So in all likelihood the outdated version you are using is the culprit...

Go to solution
_rucisco_
Level 1
Level 1

‎09-26-2021 11:55 PM

Thank you very much. That's really helpfull.

Why the behaviour in older versions is different form the expected behaviour? Aren't actual firmwares being used in Packet Tracer?

 

 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to _rucisco_

‎09-27-2021 12:11 AM

Hello,

 

Packet Tracer does not use real IOS images, it basically is just a simulator for learning the basics. Different versions have different feature sets...I think yours (version 6) is rather old ?

 

Either way, can you download version 8 ?

0 Helpful

Go to solution
_rucisco_
Level 1
Level 1
In response to Georg Pauwen

‎09-27-2021 12:20 AM

Ohh, I thought they were real images but with less features.

I can personally download a newer version but I should stick to version 6 becuase that is the one used in my school....

 

Thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card