Hi,I'm trying to run ZBFW on a 2811 with IOS version 15.3(T4) and I'm running into a strange issue I'm not quite sure how to troubleshoot.I have 3 zones, internet, local, and ssl-vpn.The rules I'm trying to enforce are: all traffic from SSL-VPN can g...
At least in my experience it wasn't the version of IOS (although 15 solved a couple of other wierd things I was seeing) but massively increasing the OOO buffers that fixed the problem and allowed inspect to be used.YMMV.
Actually, it's even wierder than that.I have the 2811 with a layer 3 port (f0/1) fronting a 3560 that had 2 VLAN's on it, internal and servers. The server in question is a Linux box with 2 NICs. I had one nic on VLAN 1 and one nic on VLAN 2 (192.168....
I would add the new outside IP 2.2.2.2 as a secondary IP on the 1.1.1.1 interface and add NAT rules. I don't believe the static default route would change.No, you can't use a network or broadcast IP in a block for anything.
