Scribd Logo
Upload

Welcome to Scribd!

  • Firewall

    Uploaded by

    Gregorio HernandezAparicio
    11 views2 pages
    This document contains configuration commands for a Cisco router with 3 interfaces connecting to inside, dmz, and outside networks. It defines security zones for each network, creates inspection policies for traffic flowing between each zone pair, and applies the policies to the appropriate interfaces. This establishes a basic stateful firewall with inspection between the 3 security zones.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains configuration commands for a Cisco router with 3 interfaces connecting to inside, dmz, and outside networks. It defines security zones for each network, creates inspection policies for traffic flowing between each zone pair, and applies the policies to the appropriate interfaces. This establishes a basic stateful firewall with inspection between the 3 security zones.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    11 views2 pages

    Firewall

    Uploaded by

    Gregorio HernandezAparicio
    This document contains configuration commands for a Cisco router with 3 interfaces connecting to inside, dmz, and outside networks. It defines security zones for each network, creates inspection policies for traffic flowing between each zone pair, and applies the policies to the appropriate interfaces. This establishes a basic stateful firewall with inspection between the 3 security zones.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 2

    ZBFW

    -----------------------------------
    int g0/0
    ip add 192.168.0.1 255.255.255.0
    description RED INTERNA - INSIDE
    no sh

    int g0/1
    ip add 192.168.1.1 255.255.255.0
    description RED SERVIDORES - DMZ
    no sh

    int g0/2
    ip add 8.8.8.1 255.255.255.0
    description RED EXTERNA - OUTSIDE
    no sh

    int g0/0
    ip helper-address 192.168.1.2

    -----------------------------------
    firewall
    se pueden definir protocolos y mezclarlos con listas de correo

    ----------------------------------
    do sh license feature
    license boot module c2900 technology-package securityk9
    sh version
    wr
    reload

    ena
    conf t
    zone security INSIDE
    zone security OUTSIDE
    zone security DMZ

    exit
    int g0/1
    zone-member security DMZ
    class-map type inspect match-any INSIDE-DMZ-MAP
    match protocol icmp
    match protocol dns
    match protocol http
    match protocol https
    match protocol pop3
    match protocol smtp
    match protocol tcp

    policy-map type inspect INSIDE-DMZ-POLICY


    class type inspect INSIDE-DMZ-MAP
    inspect

    zone-pair security INSIDE-DMZ-ZONE source INSIDE destination DMZ


    service-policy type inspect INSIDE-DMZ-POLICY

    int g0/0
    zone-member security INSIDE
    do wr
    class-map type inspect match-any INSIDE-OUTSIDE-MAP
    match protocol icmp
    match protocol http
    match protocol https
    match protocol tcp

    policy-map type inspect INSIDE-OUTSIDE-POLICY


    class type inspect INSIDE-OUTSIDE-MAP
    inspect

    zone-pair security INSIDE-OUTSIDE-ZONE source INSIDE destination OUTSIDE


    service-policy type inspect INSIDE-OUTSIDE-POLICY

    int g0/2
    zone-member security OUTSIDE
    do wr

    class-map type inspect match-any OUTSIDE-DMZ-MAP


    match protocol icmp
    match protocol dns -- no se usa el dns porque la computadora no se comunica a su
    dns
    match protocol http
    match protocol https
    match protocol pop3 --entre servidores se comunican con smtp
    match protocol smtp
    match protocol tcp

    policy-map type inspect OUTSIDE-DMZ-POLICY


    class type inspect OUTSIDE-DMZ-MAP
    inspect

    zone-pair security OUTSIDE-DMZ-ZONE source OUTSIDE destination DMZ


    service-policy type inspect OUTSIDE-DMZ-POLICY

    class-map type inspect match-any DMZ-OUTSIDE-MAP


    match protocol icmp
    match protocol dns -- no se usa el dns porque la computadora no se comunica a su
    dns
    match protocol http
    match protocol https
    match protocol pop3 --entre servidores se comunican con smtp
    match protocol smtp
    match protocol tcp

    policy-map type inspect DMZ-OUTSIDE-POLICY


    class type inspect DMZ-OUTSIDE-MAP
    inspect

    zone-pair security DMZ-OUTSIDE-ZONE source DMZ destination OUTSIDE


    service-policy type inspect DMZ-OUTSIDE-POLICY

    You might also like