zone-based firewall issue

Hi,

I am trying to do a simple setup only; I wanted to test how to allow routing protocols to work with the local router using ZFW.

I used BGP and OSPF; it seems to be working with BGP only. I used the below ACL first and class map.

By the way, I used zone out and zone-pair out as source and self as destination.

access-list 100 permit ospf any any
access-list 100 permit tcp any eq bgp any
access-list 100 permit tcp any any eq bgp


class-map type inspect match-all route
 match access-group 100

When I made the action in the policy for this class as drop, only BGP was dropped!

Then I added the below two lines to the ACL, but no luck:

access-list 100 permit ip any host 224.0.0.5
access-list 100 permit ip any host 224.0.0.6

However, when I add the below ACL as an interface ACL, it blocks OSPF:

access-list 100 deny ospf any any
access-list 100 permit IP any any

Any idea why?

 
