Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
341
Views
5
Helpful
1
Replies

ZBF problem

Go to solution
RacsfogV
Level 1
Level 1

‎06-06-2018 12:29 PM - edited ‎02-21-2020 07:51 AM

Hi All!

 

I'm new here, hope my question will  be in the right place, anyway here is the thing:

 

You can see my topology below. I have to configure ospf in domain east, end eigrp on west, (I know it is the other way around on the picture, but just ignore it)

Im able to ping everything before I'm appling ZBF in the area of public WAN, but when applying the configuration on R1, ping is not working, and I do not know where the problem is. Please help to find it.

Here is the configuration of zbf:

 

R1

conf t
zone security LAN
zone security WAN
exit
class-map type inspect match-any LAN_PROTOCOLS
match access-group 110
exit
ip access-list extended 110
permit tcp any any
permit udp any any
permit icmp any any
policy-map type inspect LAN_TO_WAN
class type inspect LAN_PROTOCOLS
inspect
exit
zone-pair security IN_TO_OUT_ZONE source LAN destination WAN
service-policy type inspect LAN_TO_WAN
exit
int g0/1
zone-member security LAN
int g0/0
zone-member security WAN
do wr

 

topologia.jpg

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎06-07-2018 08:32 AM

Hi,

R1 is the router configured with ZBFW? It's in the yellow circle and you are pinging from a device in the LAN, which is in the blue circle to a device in the WAN in the red circle?

 

In your ZBFW configuration you've defined Gi0/1 as LAN and Gi0/0 as WAN, but in the diagram if the LAN is in the blue circle the interfaces are Serial 0/0/0 and 0/1/0 and the WAN is Gi0/1 (not LAN as per config). You may just need to apply the correct zone-member to the correct interface.

 

Please clarify your configuration so we can troubleshoot further.

 

 

View solution in original post

1 Reply 1

Go to solution
Rob Ingram
VIP
VIP

‎06-07-2018 08:32 AM

Hi,

R1 is the router configured with ZBFW? It's in the yellow circle and you are pinging from a device in the LAN, which is in the blue circle to a device in the WAN in the red circle?

 

In your ZBFW configuration you've defined Gi0/1 as LAN and Gi0/0 as WAN, but in the diagram if the LAN is in the blue circle the interfaces are Serial 0/0/0 and 0/1/0 and the WAN is Gi0/1 (not LAN as per config). You may just need to apply the correct zone-member to the correct interface.

 

Please clarify your configuration so we can troubleshoot further.

 

 

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card