Error setting up firewall using SDM on a Cisco 857W

Today I encountered the following error while installing basic firewall settings using Cisco Security Device Manager (SDM) 2.5 on a Cisco 857W router:

class-map type inspect imap match-any sdm-app-imap

Error detected as this command. Click OK

Basically this meant that the firewall rules generated by SDM couldn't be applied to the device. A little Googling revealed that this is caused by a bug in SDM: it fails to detect that the Cisco 857W does not support zone-based firewall functionality. The fix was to set up a single inspection rule on one of the interfaces from the CLI, then restart SDM and try to create the basic firewall config again.

To fix this from the CLI, apply an inspection rule to one of the interfaces, in this case Dialer0:

conf t

ip inspect name myrule tcp

int dialer0

ip inspect myrule out

exit

After doing this, restart SDM and try to apply the basic firewall config again. It should now work, and the rule you created above is removed in the process.

 

 
