Question: Please I need help with this network security question

Consider the following topology diagram:

[Topology diagram not reproduced. Recoverable labels: routers R1, R2, R3 and ISP; switches S1, S2, S3; hosts PC1, PC2, PC3, PC4 (.10 each); zones IN-SERVER-Zone, OUT-Zone, IN-LAB-Zone, IN-STAFF-Zone; Intranet SERVER (.254) on 192.168.20.0/24; 209.165.200.224/27; serial links 10.1.1.0/30 and 10.2.2.0/30; Lab-1 Users and Lab-2 Users (192.168.10.0/24, 192.168.11.0/24); IT Admins and Sales Users (192.168.30.0/24, 192.168.40.0/24); Internet; MLWR Srv (207.3.0.19).]

Objectives

- Review and configure ACLs on R1 and R3.
- Configure a zone-based policy (ZPF) firewall on R2.
- Configure IOS IPS on R1.

Scenario

The Intranet SERVER is the main asset of the company. However, MLWR Srv is blacklisted and should be banned from accessing the Intranet SERVER. In this question, Router R2 has then to be configured as a basic ZPF to control communications from/to internal resources. Finally, you will configure basic IOS IPS on R1. Routers R1 and R3 are to be configured with a simple extended access-list. All questions are INTERRELATED.

This question is split into the following sections:

4. Finalize ZPF firewall configuration on router R2: (8 marks)

a. Complete the IN-NET-CLASS-MAP class map and IN-2-OUT-PMAP policy map configurations. (2 marks)

    R2(config)# class-map type inspect match-all IN-NET-CLASS-MAP
    R2(config-cmap)# match access-group
    R2(config)# policy-map type inspect IN-2-OUT-PMAP
    R2(config-pmap)# class type inspect

b. Specify the action (inspect, pass or drop) for this policy map. R2 should behave like a stateful firewall for all traffic outgoing to the Internet defined previously in ACL 210. (2 marks)

    R2(config)# policy-map type inspect IN-2-OUT-PMAP
    R2(config-pmap-c)#

c. Assume that the zone pairing is now configured accordingly on R2 between IN-LAB-Zone and SERVER-Zone from one hand, as source, and OUT-Zone, from the other, as destination. Could MLWR Srv access the Intranet SERVER on TCP port 3389 successfully? Explain. (4 marks)
