Infosec - DMZ configuration on the router
-create zones
-define a traffic class to allow traffic from the internal network to the
Internet
a) create a class map named INSIDE_PROTOCOLS (class map type inspect; match-any
keyword):*
Router(config)# class-map type inspect match-any INSIDE_PROTOCOLS
b) match the protocols (http, tcp, udp, icmp, dns) in this class map:
Router(config-cmap)# match protocol http
Router(config-cmap)# match protocol tcp
Router(config-cmap)# match protocol udp
Router(config-cmap)# match protocol icmp
Router(config-cmap)# match protocol dns
*to delete: put the 'no' keyword in front of the whole command
> create policy called INSIDE_TO_INTERNET, use the INSIDE_PROTOCOLS class map, set
the 'inspect' action:
Router(config)# policy-map type inspect INSIDE_TO_INTERNET
Router(config-pmap)# class type inspect INSIDE_PROTOCOLS
Router(config-pmap-c)# inspect
> create policy called INTERNET_TO_DMZWEB, use the DMZ_WEB class map, set the
'pass' action:
Router(config)# policy-map type inspect INTERNET_TO_DMZWEB
Router(config-pmap)# class type inspect DMZ_WEB
Router(config-pmap-c)# pass
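
The steps above create the class maps and policies but do not show the zones, the DMZ_WEB class map, or how a policy is attached to a traffic direction. The configuration below is an added example, not part of the original notes, that fills in those pieces. The zone, zone-pair, ACL and interface names, the http-only content of DMZ_WEB, and the server address 192.0.2.10 are assumptions.

```cisco
! Added example, not part of the original notes. Zone, zone-pair, ACL and
! interface names and the address 192.0.2.10 are assumed placeholders.
!
! Zones
zone security INSIDE
zone security INTERNET
zone security DMZ
!
! DMZ_WEB is used by the notes but not defined there; http only is assumed.
class-map type inspect match-any DMZ_WEB
 match protocol http
!
! 'pass' is stateless and one-way: replies from the web server are dropped
! unless a policy in the DMZ -> INTERNET direction passes them as well.
! Replies carry source port 80, so they are matched with an ACL.
ip access-list extended DMZ_WEB_REPLIES
 permit tcp host 192.0.2.10 eq www any
class-map type inspect match-all DMZ_WEB_REPLIES
 match access-group name DMZ_WEB_REPLIES
policy-map type inspect DMZWEB_TO_INTERNET
 class type inspect DMZ_WEB_REPLIES
  pass
!
! Zone pairs attach each policy to one source -> destination direction.
! Traffic between zones with no zone pair is dropped.
zone-pair security ZP_INSIDE_INTERNET source INSIDE destination INTERNET
 service-policy type inspect INSIDE_TO_INTERNET
zone-pair security ZP_INTERNET_DMZ source INTERNET destination DMZ
 service-policy type inspect INTERNET_TO_DMZWEB
zone-pair security ZP_DMZ_INTERNET source DMZ destination INTERNET
 service-policy type inspect DMZWEB_TO_INTERNET
!
! Interfaces become zone members last, once the policies exist.
interface GigabitEthernet0/0
 zone-member security INSIDE
interface GigabitEthernet0/1
 zone-member security INTERNET
interface GigabitEthernet0/2
 zone-member security DMZ
```

The INSIDE_TO_INTERNET policy needs no reverse zone pair, because 'inspect' tracks each session and lets its return traffic through.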