Question: Did I set this up correctly? If not, please let me know how I can fix it.


Configure a Zone-Based Firewall on Branch1 to allow Pings, HTTP, and SSH traffic if the traffic starts from the inside (i.e. the LAN)
o G0/0 is the inside of the network
o S0/0/0 is the outside of the network
o ISP and Branch2 should not be able to originate traffic to Branch1

Branch1(config)# zone security INSIDE
Branch1(config)# class-map type inspect match-any INSIDE_PROTOCOLS
Branch1(config-cmap)# match protocol tcp
Branch1(config-cmap)# match protocol udp
Branch1(config-cmap)# match protocol icmp
Branch1(config)# zone security OUTSIDE
Branch1(config)# class-map type inspect match-any OUTSIDE_PROTOCOLS
Branch1(config-cmap)# match protocol icmp
Branch1(config-cmap)# match protocol http
Branch1(config-cmap)# match protocol ssh
Branch1(config)# policy-map type inspect INSIDE_TO_INTERNET
Branch1(config-pmap)# class type inspect INSIDE_PROTOCOLS
Branch1(config-pmap-c)# inspect
Branch1(config)# zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
Branch1(config)# zone-pair security INSIDE_TO_OUTSIDE
Branch1(config-sec-zone-pair)# service-policy type inspect INSIDE_TO_OUTSIDE
Branch1(config)# interface g0/0
Branch1(config-if)# zone-member security INSIDE
Branch1(config-if)# exit
Branch1(config)# interface s0/0/0
Branch1(config-if)# zone-member security OUTSIDE

Topology (figure not recovered): routers ISP, Branch1 and Branch2 joined by serial links (S0/0/0, S0/0/1, DCE ends marked) on 192.168.1.0/24 and 192.168.2.0/24; LANs 10.10.1.0/24 (Branch1), 10.10.2.0/24 (ISP) and 10.10.3.0/24 (Branch2) on Gi0/1, with hosts PC-A, PC-B and PC-C at .10.
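An added example, not part of the original post: a small Python lint that cross-checks the names in a zone-based firewall configuration, reporting objects that are referenced but never defined, or defined but never applied. The sample input is the posted configuration with prompts stripped and condensed; `lint_zbf` is a hypothetical helper name.

```python
import re

# Constructed from the post above: prompts stripped, names as transcribed.
POSTED = """\
zone security INSIDE
class-map type inspect match-any INSIDE_PROTOCOLS
 match protocol tcp
 match protocol udp
 match protocol icmp
zone security OUTSIDE
class-map type inspect match-any OUTSIDE_PROTOCOLS
 match protocol icmp
 match protocol http
 match protocol ssh
policy-map type inspect INSIDE_TO_INTERNET
 class type inspect INSIDE_PROTOCOLS
  inspect
zone-pair security INSIDE_TO_OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE_TO_OUTSIDE
interface g0/0
 zone-member security INSIDE
interface s0/0/0
 zone-member security OUTSIDE
"""

def lint_zbf(config):
    """Return a list of dangling or unused ZBF object references."""
    defs = {"zone": set(), "class-map": set(), "policy-map": set()}
    uses = {"zone": set(), "class-map": set(), "policy-map": set()}
    patterns = [
        (r"zone security (\S+)$", defs["zone"]),
        (r"class-map type inspect (?:match-\w+ )?(\S+)$", defs["class-map"]),
        (r"policy-map type inspect (\S+)$", defs["policy-map"]),
        (r"class type inspect (\S+)$", uses["class-map"]),
        (r"service-policy type inspect (\S+)$", uses["policy-map"]),
        (r"zone-member security (\S+)$", uses["zone"]),
    ]
    for line in map(str.strip, config.splitlines()):
        for rx, bucket in patterns:
            if m := re.match(rx, line):
                bucket.add(m.group(1))
        # A zone-pair references two zones on one line.
        if m := re.match(r"zone-pair security \S+ source (\S+) destination (\S+)$", line):
            uses["zone"].update(m.groups())
    findings = []
    for kind in defs:
        findings += [f"undefined {kind}: {n}" for n in sorted(uses[kind] - defs[kind])]
        findings += [f"unused {kind}: {n}" for n in sorted(defs[kind] - uses[kind])]
    return findings
```

The lint only checks that names resolve; whether the inspected class-map matches the protocols the task asks for is a separate comparison against the `match protocol` lines.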
