Customer complain HTTPS dosen't work
show policy-map type inspect zone-pair
you did not see drop outbound but seeing drop inbound
class-map type inspect match-all https-class
match protocol https
!
policy-map type inspect outside-to-inside
class type inspect https-class
pass
!
policy-map type inspect inside-to-outside
class type inspect https-class
pass
This might due to "match protocol https" can not match the return traffic,
the work around is to map https traffic with access list
access-list https extend permit tcp any eq 443 any gt 1024
class-map type inspect match-all https-class
match access-group https
No comments:
Post a Comment