08-09-ios firewall fundamentals and zone based firewalls
TRANSCRIPT
8/9/2019 08-09-IOS Firewall Fundamentals and Zone Based Firewalls
08-Zone based firewall
Reflexive ACLs
config t
! Create an ACL that we will apply
! outbound on Fa 4/0.
! The "reflect REMEMBER" will create
! a reflexive ACL entry called "REMEMBER"
! that we can apply on a second ACL inbound.
ip access-list extended GOING-OUT
 permit tcp any any reflect REMEMBER
 permit udp any any reflect REMEMBER
 permit icmp any any reflect REMEMBER
 deny ip any any log
 exit
interface fa 4/0
 ip access-group GOING-OUT out
 exit
do show access-list
ip access-list extended COMING-IN
 evaluate REMEMBER
 deny ip any any log
 exit
int fa 4/0
 ip access-group COMING-IN in
 exit
do show access-list
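An added example, not part of the lecture notes, that models in Python what the reflect/evaluate pair above does: a packet permitted by GOING-OUT creates a mirrored temporary entry (addresses and ports swapped), and COMING-IN only permits inbound packets that match such an entry before it idles out. Packet, ReflexiveAcl, going_out and coming_in are names of my own; only the idle timeout is modelled, not the early teardown IOS does when it sees a TCP session close.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str   # IOS protocol keyword: "tcp", "udp", "icmp", ...
    src: str
    sport: int   # 0 where the protocol has no ports (icmp)
    dst: str
    dport: int


class ReflexiveAcl:
    """Temporary entries created by 'reflect REMEMBER' and read by 'evaluate REMEMBER'."""

    def __init__(self, timeout=300):
        self.timeout = timeout   # seconds; 300 is IOS's default global reflexive timeout
        self.entries = {}        # mirrored 5-tuple -> time it was last refreshed

    def reflect(self, pkt, now):
        # The dynamic entry is the outbound flow with addresses and ports swapped,
        # so only the reply direction of this exact session is permitted.
        mirrored = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.entries[mirrored] = now

    def evaluate(self, pkt, now):
        seen = self.entries.get(pkt)
        if seen is None or now - seen > self.timeout:
            self.entries.pop(pkt, None)   # no entry, or the idle entry has aged out
            return False
        self.entries[pkt] = now           # matching traffic refreshes the timer
        return True


def going_out(acl, pkt, now=0):
    """GOING-OUT: permit tcp/udp/icmp any any reflect REMEMBER; deny ip any any log."""
    if pkt.proto in ("tcp", "udp", "icmp"):
        acl.reflect(pkt, now)
        return "permit"
    return "deny"


def coming_in(acl, pkt, now=0):
    """COMING-IN: evaluate REMEMBER; deny ip any any log."""
    return "permit" if acl.evaluate(pkt, now) else "deny"
```

An unsolicited inbound SYN to the inside host is dropped by the final deny even though the same host has an open session, because only the exact mirrored 5-tuple is in the temporary list.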
Context Based Access Control
conf t
! Deny any initial inbound traffic
ip access-list extended DENY
 deny ip any any log
 exit
int fa 4/0
 ip access-group DENY in
 exit
! Create a Context Based Access Control
! (CBAC) inspection rule to remember
! TCP, UDP and ICMP
ip inspect name REMEMBER tcp
ip inspect name REMEMBER udp
ip inspect name REMEMBER icmp
! Apply the inspection rule outbound
! on Fa 4/0
int fa 4/0
 ip inspect REMEMBER out
 exit
do show ip inspect interfaces