Let me take you through my first video tutorial. In this example we will configure a basic zone-based firewall on a Cisco 3725 router running IOS version 12.4(11)XW7.
R2 will be configured as a zone-based firewall, allowing Telnet and SSH traffic from R1 to R3, and ping (ICMP echo) traffic from R3 to R1.
Zone-based firewall configuration steps
1) Create an access-list
2) Create a class-map
3) Match the access-list in the class-map
4) Create a policy-map
5) Assign the class-map to the policy-map
6) Create zones
7) Assign zones to interfaces
8) Create a zone-pair using the newly created zones and assign the policy-map to it. (Note: you can only have one policy-map per zone-pair.)
R1 Configuration
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 1.1.1.2
R2 Configuration
class-map type inspect match-all c-map-inside-2-outside
 match access-group 100
class-map type inspect match-all c-map-outside-2-inside
 match access-group 101
!
policy-map type inspect p-map-inside-2-outside
 class type inspect c-map-inside-2-outside
  inspect
 class class-default
policy-map type inspect p-map-outside-2-inside
 class type inspect c-map-outside-2-inside
  inspect
 class class-default
!
zone security inside
zone security outside
zone-pair security inside-to-outside source inside destination outside
 service-policy type inspect p-map-inside-2-outside
zone-pair security outside-to-inside source outside destination inside
 service-policy type inspect p-map-outside-2-inside
!
interface FastEthernet0/0
 ip address 1.1.1.2 255.255.255.0
 zone-member security inside
!
interface FastEthernet0/1
 ip address 2.2.2.1 255.255.255.0
 zone-member security outside
!
access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq telnet
access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22
access-list 101 permit icmp host 2.2.2.2 host 1.1.1.1 echo
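The eight steps above form a chain of references: the zone-pair names a policy-map, the policy-map names class-maps, each class-map names an access-list, and each zone must actually have an interface in it. A typo anywhere in that chain does not produce an error message; it just leaves a zone-pair with nothing that inspects traffic, so the flow is silently dropped. The script below is an added example, not part of the post: a small linter that parses the R2 configuration (embedded as constructed input, with the ip address lines omitted since they play no role in the policy), cross-checks every reference, and lists which ACL entries end up stateful-inspected per zone-pair. It assumes the command syntax shown on this page (numbered ACLs, `match access-group`, `inspect`/`pass`/`drop` actions) and treats a class with no explicit action as the implicit drop.

```python
import re
from collections import defaultdict

# Constructed input: the R2 configuration from the post, embedded so the linter runs offline.
R2_CONFIG = """
class-map type inspect match-all c-map-inside-2-outside
 match access-group 100
class-map type inspect match-all c-map-outside-2-inside
 match access-group 101
policy-map type inspect p-map-inside-2-outside
 class type inspect c-map-inside-2-outside
  inspect
 class class-default
policy-map type inspect p-map-outside-2-inside
 class type inspect c-map-outside-2-inside
  inspect
 class class-default
zone security inside
zone security outside
zone-pair security inside-to-outside source inside destination outside
 service-policy type inspect p-map-inside-2-outside
zone-pair security outside-to-inside source outside destination inside
 service-policy type inspect p-map-outside-2-inside
interface FastEthernet0/0
 zone-member security inside
interface FastEthernet0/1
 zone-member security outside
access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq telnet
access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22
access-list 101 permit icmp host 2.2.2.2 host 1.1.1.1 echo
"""
# Constructed negative case: one typo in the service-policy name of the outside-to-inside pair.
BROKEN_CONFIG = R2_CONFIG.replace("service-policy type inspect p-map-outside-2-inside",
                                  "service-policy type inspect p-map-outside-2-insde")


def parse_zbfw(config):
    """Extract the ZBFW objects and the references between them from running-config text."""
    cfg = {"class_maps": {}, "policy_maps": {}, "zones": set(), "zone_pairs": {},
           "interfaces": {}, "acls": defaultdict(list)}
    block, cur_class = ("", ""), None    # open config block (kind, name); open class in a policy-map
    for raw in config.splitlines():
        line = raw.strip()                # indentation is irrelevant; blocks are keyed on keywords
        if not line or line.startswith("!"):
            continue
        w = line.split()
        if m := re.match(r"class-map type inspect match-(?:all|any) (\S+)", line):
            block, cfg["class_maps"][m[1]] = ("class", m[1]), []        # name -> ACLs matched
        elif m := re.match(r"policy-map type inspect (\S+)", line):
            block, cfg["policy_maps"][m[1]] = ("policy", m[1]), {}      # name -> {class: action}
        elif m := re.match(r"zone security (\S+)", line):
            cfg["zones"].add(m[1])
        elif m := re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)", line):
            block = ("pair", m[1])
            cfg["zone_pairs"][m[1]] = {"source": m[2], "destination": m[3], "policy": None}
        elif m := re.match(r"interface (\S+)", line):
            block = ("intf", m[1])
        elif m := re.match(r"access-list (\d+) (.*)", line):
            cfg["acls"][m[1]].append(m[2])
        elif block[0] == "class" and w[:2] == ["match", "access-group"]:
            cfg["class_maps"][block[1]].append(w[2])
        elif block[0] == "policy" and w[0] == "class":
            cur_class = w[-1]             # "class type inspect NAME" or "class class-default"
            cfg["policy_maps"][block[1]][cur_class] = "drop"   # no explicit action = implicit drop
        elif block[0] == "policy" and w[0] in ("inspect", "pass", "drop"):
            cfg["policy_maps"][block[1]][cur_class] = w[0]
        elif block[0] == "pair" and w[:3] == ["service-policy", "type", "inspect"]:
            cfg["zone_pairs"][block[1]]["policy"] = w[3]
        elif block[0] == "intf" and w[:2] == ["zone-member", "security"]:
            cfg["interfaces"][block[1]] = w[2]
    return cfg


def lint_zbfw(cfg):
    """Report dangling references and empty zones: the misconfigurations that drop traffic silently."""
    out = []
    for name, p in cfg["zone_pairs"].items():
        out += [f"zone-pair {name}: {r} zone {p[r]} is not defined"
                for r in ("source", "destination") if p[r] not in cfg["zones"]]
        if p["policy"] is None:
            out.append(f"zone-pair {name}: no service-policy, all traffic is dropped")
        elif p["policy"] not in cfg["policy_maps"]:
            out.append(f"zone-pair {name}: policy-map {p['policy']} is not defined")
    for pname, classes in cfg["policy_maps"].items():
        out += [f"policy-map {pname}: class-map {c} is not defined"
                for c in classes if c != "class-default" and c not in cfg["class_maps"]]
    for cname, acls in cfg["class_maps"].items():
        out += [f"class-map {cname}: access-list {a} is not defined" for a in acls if a not in cfg["acls"]]
    out += [f"zone {z}: no interface is a member"
            for z in sorted(cfg["zones"] - set(cfg["interfaces"].values()))]
    return out


def inspected_flows(cfg):
    """Per zone-pair, the ACL entries whose traffic is stateful-inspected (and therefore allowed)."""
    flows = []
    for name, p in sorted(cfg["zone_pairs"].items()):
        for cname, action in cfg["policy_maps"].get(p["policy"], {}).items():
            if action == "inspect":
                for acl in cfg["class_maps"].get(cname, []):
                    flows += [(name, entry) for entry in cfg["acls"].get(acl, [])]
    return flows


if __name__ == "__main__":
    cfg = parse_zbfw(R2_CONFIG)
    print(lint_zbfw(cfg) or "no findings", *inspected_flows(cfg), sep="\n")
```

On the R2 configuration the linter reports nothing and lists exactly the three ACL entries from steps 1 to 8 (Telnet and SSH inside-to-outside, ICMP echo outside-to-inside); on the copy with the misspelled service-policy it reports the dangling policy-map reference and the outside-to-inside flow disappears from the inspected list, which is what you would otherwise discover only when ping stops working.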
R3 Configuration
interface FastEthernet0/0
 ip address 2.2.2.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 2.2.2.1