Simple 6 Steps to configure
Notes:
Zones: Internet, Trust, WAAS and Guest
Interface Serial1/0 : To the Internet
Interface Gi0/0 : Trust
Interface Gi1/0 : WAAS
Interface Gi2/0 : Guest
1. Defining Zones
Router#
Router(config)# zone security Internet
Router(config-sec-zone)# zone security Trust
Router(config-sec-zone)# zone security WAAS
Router(config-sec-zone)# zone security Guest
2. Assign Zones to network interfaces
Router#
Router(config)# int serial1/0
Router(config-if)# zone-member security Internet
Router(config)# int Gi0/0
Router(config-if)# zone-member security Trust
Router(config)# int Gi1/0
Router(config-if)# zone-member security WAAS
Router(config)# int Gi2/0
Router(config-if)# zone-member security Guest
3. Defining Zone Pair (Traffic flow)
Router#
Router(config)# zone-pair security Trust->Internet source Trust destination Internet
Router#
Router(config)# zone-pair security WAAS->Internet source WAAS destination Internet
Router#
Router(config)# zone-pair security Guest->Internet source Guest destination Internet
Router#
Router(config)# zone-pair security Trusted source Trust destination Trust
4. Create Class-Map
Router#
Router(config)# class-map type inspect match-any All_Traffic
Router(config-cmap)# match protocol tcp
Router(config-cmap)# match protocol udp
Router(config-cmap)# match protocol icmp
Router#
Router(config)# class-map type inspect match-any WAAS_Traffic
Router(config-cmap)# match protocol tcp
Router(config-cmap)# match protocol udp
Router#
Router(config)# class-map type inspect match-any Guest_Traffic
Router(config-cmap)# match protocol http
Router(config-cmap)# match protocol https
Router(config-cmap)# match protocol dns
Router(config-cmap)# match protocol pop3
Router(config-cmap)# match protocol imap
5. Create Policy-Map
Router#
Router(config)# policy-map type inspect Trust_to_Internet
Router(config-pmap)# class type inspect All_Traffic
Router(config-pmap-c)# inspect
Router(config)# policy-map type inspect WAAS_to_Internet
Router(config-pmap)# class type inspect WAAS_Traffic
Router(config-pmap-c)# inspect
Router(config)# policy-map type inspect Guest_to_Internet
Router(config-pmap)# class type inspect Guest_Traffic
Router(config-pmap-c)# inspect
Router(config)# policy-map type inspect Trusted
Router(config-pmap)# class class-default
Router(config-pmap-c)# pass
6. Apply Policy to Zone-pair
Router#
Router(config)# zone-pair security Trust->Internet
Router(config-sec-pair)# service-policy type inspect Trust_to_Internet
Router#
Router(config)# zone-pair security WAAS->Internet
Router(config-sec-pair)# service-policy type inspect WAAS_to_Internet
Router#
Router(config)# zone-pair security Guest->Internet
Router(config-sec-pair)# service-policy type inspect Guest_to_Internet
Router#
Router(config)# zone-pair security Trusted
Router(config-sec-pair)# service-policy type inspect Trusted
7. Verifying
Router# show policy-map type inspect zone-pair
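An offline cross-reference check to complement the show command above, added here as an example and not part of the original page: it confirms that every zone-pair names a defined policy-map and defined zones, and that every class used in a policy-map exists. The function name lint_zbf and the sample configuration are constructed for illustration, and the input is assumed to be in running-config form.

```python
import re

# Constructed sample in running-config form, reusing this page's names.
# Guest->Internet deliberately names a class-map where a policy-map belongs.
SAMPLE_CONFIG = """\
class-map type inspect match-any All_Traffic
 match protocol tcp
class-map type inspect match-any Guest_Traffic
 match protocol http
policy-map type inspect Trust_to_Internet
 class type inspect All_Traffic
  inspect
policy-map type inspect Guest_to_Internet
 class type inspect Guest_Traffic
  inspect
zone security Trust
zone security Guest
zone security Internet
zone-pair security Trust->Internet source Trust destination Internet
 service-policy type inspect Trust_to_Internet
zone-pair security Guest->Internet source Guest destination Internet
 service-policy type inspect Guest_Traffic
zone-pair security Guest->Trust source Guest destination Trust
"""

def lint_zbf(config):
    """Return findings for dangling zone-based firewall references."""
    class_maps = set(re.findall(r"^class-map type inspect (?:match-\w+ )?(\S+)", config, re.M))
    policy_maps = set(re.findall(r"^policy-map type inspect (\S+)", config, re.M))
    zones = set(re.findall(r"^zone security (\S+)", config, re.M))
    findings = []
    # Every class referenced inside a policy-map must be a defined class-map.
    for name in re.findall(r"^\s+class type inspect (\S+)", config, re.M):
        if name not in class_maps:
            findings.append(f"undefined class-map: {name}")
    # Each zone-pair header is followed by its indented sub-commands.
    pair_re = re.compile(r"^zone-pair security (\S+) source (\S+) destination (\S+)\n((?:[ \t]+.*\n?)*)", re.M)
    for pair, src, dst, body in pair_re.findall(config):
        for zone in (src, dst):
            if zone not in zones and zone != "self":  # "self" is built in
                findings.append(f"{pair}: undefined zone {zone}")
        policy = re.search(r"service-policy type inspect (\S+)", body)
        if policy is None:  # a zone-pair without a policy drops its traffic
            findings.append(f"{pair}: no service-policy attached")
        elif policy.group(1) not in policy_maps:
            findings.append(f"{pair}: undefined policy-map {policy.group(1)}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_zbf(SAMPLE_CONFIG)))
```
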
8. Troubleshooting & Tips