Adding to Jennifer's reply: if your intent is also to block certain websites from being accessed from the local LAN, please check the link below: https://supportforums.cisco.com/docs/DOC-1268 Regards, Usaid.
When tunnels are terminating on the router, that is the self zone; by default all the traffic is allowed. If you want to restrict access, you need to create a self zone and add a zone-pair from WAN to Self. Hope this link will help you: http://inkling/?...
Thanks for the output. I don't understand why it is not working; everything seems to be in place. Let's have the packet-tracer from the other way around now.
packet-tracer input inside icmp 10.1.1.4 8 0 10.2.1.4 detailed
If the result for the output as ...
I guess you are not able to ICMP from 10.2.1.0/24 because, when you ping to 10.1.1.0/24 subnet, the echo-request packet goes straight via the switch to the machine, but the reply packet comes through the firewall and the firewall drops it. What you ca...