Cisco Systems 2.5 Network Router User Manual
Chapter 34 Zone-Based Policy Firewall
Zone Pairs
34-6
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
for traffic originating from the router itself, or destined for the router itself, such as a zone pair configured for SNMP traffic. The Policy list contains the name of each policy map configured on the router.

If you are editing a zone pair, you can change the policy map, but you cannot change the name or the source or destination zones.
Add a Zone
You can configure an interface as a member of a security zone from the Association tab of the Edit Interfaces and Connections dialog. The zone that you add will include the interface that you are editing as a zone member.

Note Traffic flowing to or from this interface is governed by the policy map associated with the zone.

An interface that you associate with this zone may be used for a site-to-site VPN, DMVPN, Easy VPN, SSL VPN or other type of connection whose traffic might be blocked by a firewall. When you associate an interface with a zone in this dialog, SDM does not create any passthrough ACL to permit such traffic. You can configure the necessary passthrough for the policy map in two ways:

• Go to Configure > Firewall and ACL > Edit Firewall Policy > Rule for New Traffic. In the displayed dialog, provide the source and destination IP address information, and the type of traffic that must be allowed to pass through the firewall. In the Action field, select Permit ACL.

• Go to Configure > C3PL > Policy Map > Protocol Inspection. Provide a protocol inspection policy map that will allow the necessary traffic to pass through the firewall.
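To show what the zones, zone pairs, policy maps and zone membership in these dialogs correspond to on the router, the following Cisco IOS zone-based firewall configuration is added here as an illustration. It is not taken from this guide and is not output generated by SDM. The zone names, interface names, class-map, policy-map and ACL names, and the 192.0.2.0/24 and 203.0.113.0/24 addresses are all constructed for the example. It also shows the two points made above: a zone pair whose destination is the router's own "self" zone (here carrying SNMP), and the pass-through entries for VPN traffic to the router that SDM does not create automatically when an interface is placed in a zone.

```text
! Added example, not from the guide and not generated by SDM.
! All zone, interface, class-map, policy-map and ACL names and all addresses are constructed.

! 1. Security zones. The "self" zone exists implicitly for traffic that
!    originates from or is destined to the router itself.
zone security INSIDE
zone security OUTSIDE

! 2. Interface membership, which is what the Association tab configures.
!    Once an interface is a zone member, traffic to and from it is governed
!    by the policy map attached to the relevant zone pair.
interface GigabitEthernet0/0
 description LAN
 ip address 192.0.2.1 255.255.255.0
 zone-member security INSIDE
!
interface GigabitEthernet0/1
 description WAN, also terminates a site-to-site VPN
 ip address 203.0.113.2 255.255.255.0
 zone-member security OUTSIDE

! 3. INSIDE -> OUTSIDE zone pair: stateful inspection of user traffic,
!    everything else dropped and logged.
class-map type inspect match-any CM-USER-TRAFFIC
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-USER-TRAFFIC
  inspect
 class class-default
  drop log
!
zone-pair security ZP-INSIDE-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-TO-OUTSIDE

! 4. OUTSIDE -> self zone pair. This is the passthrough SDM does not create
!    for you: without it, IKE and ESP destined to the router's WAN address
!    are dropped and the VPN never comes up. SNMP from a management station
!    on the outside is permitted the same way.
ip access-list extended ACL-VPN-TO-ROUTER
 permit udp any host 203.0.113.2 eq isakmp
 permit udp any host 203.0.113.2 eq non500-isakmp
 permit esp any host 203.0.113.2
!
ip access-list extended ACL-SNMP-TO-ROUTER
 permit udp host 203.0.113.50 host 203.0.113.2 eq snmp
!
class-map type inspect match-any CM-TO-SELF
 match access-group name ACL-VPN-TO-ROUTER
 match access-group name ACL-SNMP-TO-ROUTER
!
policy-map type inspect PM-TO-SELF
 class type inspect CM-TO-SELF
  pass
 class class-default
  drop log
!
zone-pair security ZP-OUTSIDE-SELF source OUTSIDE destination self
 service-policy type inspect PM-TO-SELF
! Note: "pass" is one-directional. Router-originated replies (self -> OUTSIDE)
! are still allowed here because no zone pair is defined for that direction;
! traffic to or from the self zone is permitted by default until a zone pair
! covering it exists.
```

After applying the configuration, `show zone-pair security` lists each pair with its attached policy map, and `show policy-map type inspect zone-pair sessions` shows the inspected sessions, which is the quickest way to confirm that the zone membership set in the Association tab is actually being enforced for the interface.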
Zone Name
Enter the name of the zone that you want to add.