Rozdíly

Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.

--- cisco:policy-map [23.04.2010 07:33]
mtalma
+++ cisco:policy-map [13.03.2020 18:43] (aktuální)
@@ Řádek 140: / Řádek 140: @@
 zone-pair security zp-WAN-To-LAN source WAN destination LAN
  service-policy type inspect WAN_LAN
+ exit
+</code>
+===== WAN-FW =====
+<code>
+ip access-list extended port_https
+ permit tcp any any eq 443
+ exit
+ip access-list extended port_ssh
+ permit tcp any any eq 22
+ exit
+ip access-list extended port_cmd
+ permit tcp any any eq cmd
+ exit
+access-list 110 remark ACL na Cisco - Datron
+access-list 110 permit ip 212.158.133.128 0.0.0.31 any
+class-map type inspect match-any self-cls-access
+ match access-group name port_https
+ match access-group name port_ssh
+ match access-group name port_cmd
+ exit
+class-map type inspect match-all self-access
+ match class-map self-cls-access
+ match access-group 110
+ exit
+policy-map type inspect WAN_self
+ class type inspect self-access
+  no drop
+  inspect
+  exit
+ class class-default
+ exit
+zone security WAN
+ exit
+zone security LAN
+ exit
+zone-pair security zp-WAN-self source WAN destination self
+ service-policy type inspect WAN_self
+ exit
+</code>
+===== FW-WAN =====
+<code>
+class-map type inspect match-any cls-icmp-access
+ match protocol icmp
+ match protocol tcp
+ match protocol udp
+ exit
+class-map type inspect match-all icmp-access
+ match class-map cls-icmp-access
+ exit
+policy-map type inspect self_WAN
+ class type inspect icmp-access
+  no drop
+  inspect
+  exit
+ class class-default
+  no drop
+  pass
+  exit
+ exit
+zone-pair security zp-self-WAN source self destination WAN
+ service-policy type inspect self_WAN
  exit
 </code>