Cisco Zone-Based Firewall Step By Step Configuration-3 Zones

Captions
Friends, in this video we will learn how to configure a zone-based firewall with three zones. We will create one zone with the name inside, another outside, and a third one dmz1. OK, please understand the IP addressing and topology correctly, then start the configuration: PC1 101.100, PC2 102.100 and DMZ server 10.100. First of all go to PC1: ipconfig. PC2: ipconfig. OK, now we have to configure the IP addressing on the server and R1. Let's come to R1. R1 f0/0, and its IP address 192.168.101.1. f1/0: no shut, IP address 102.1. If you are receiving such kind of message, do one thing: no cdp run. do show history. We have configured the f0/0 IP address and f1/0; then f0/1: no shut, IP address 10.1. do show ip interface brief. Then we have to configure the server IP. The server IP address is 10.100, and here four applications are running, and its gateway will be, yes. do show ip route static. Now go to the router: ping to 101.100, ping to 102.100, ping to 10.100. And on 10.100 run the services: ip domain-name draenonic.com, line vty 0 to 90, transport input ssh, login local, ip http server, ip http secure-server, ip http authentication local, username shiva privilege 15 secret shiva. do show history. OK.

Then go to PC1: ping to 10.100, yes, working. Ping to 102.100, working. Telnet to 10.100, working. FTP to 102.100, working. Then go to the server: ping to 101.100, ping to 102.100, working. Then we have to go to PC2: ping 101.100, and only 10.100.

Now what we have to do: we have to configure three zones. zone security inside, zone security outside and zone security dmz1. f0/0 inside, f0/1 dmz1, yes dmz1, and f1/0 outside. OK, after creating the zones and assigning them to interfaces, check reachability: ping to 10.100, not working; telnet, not working. OK, now what we have to do: from inside there is no communication. Again check with DMZ; now DMZ to outside: start, run, cmd, ping 192.168.102.100, not working. Same check on the server: ping to 101.100, no; ping to 102.100, no. Then go to PC2: ping with 101.100, not possible. So what we have to define, yes, we have to define a policy. We want inside to be able to access telnet, SSH, HTTP and HTTPS, any of these protocols, and for outside, all.

Go to R1. OK, now what we can do, first of all for outside: ip access-list extended, name in-to-out-acl, permit ip any any. class-map type inspect, yes, in-to-out-class, match access-group name. policy-map type inspect, class type inspect in-to-out-class, and inspect. Then zone-pair security in-to-out, source inside, destination outside, service-policy type inspect in-to-out-policy. Yes, we have configured the zone-pair: when source is inside and destination is outside, service-policy in-to-out-policy will work. in-to-out-policy says that if traffic matches the class-map, I will inspect; the class-map says match the ACL, and the ACL says any to any. Now go to inside: working, 192.168.102.100 working. Then close, close. Now you can see inside is able to communicate with outside. Let's check the reverse: not possible; with 10, not possible.

Now what we want: inside can communicate with DMZ. OK, then for that we can also do this task without an ACL. How we can: class-map type inspect in-to-dmz1-class, match protocol telnet, ssh, http, https. policy-map type inspect in-to-dmz1-policy, class type inspect, and the class-map name is in-to-dmz1-class. First of all we have to go to the policy-map, then the class-map, then inspect, exit, exit. Then zone-pair security in-to-dmz1, source inside, destination dmz1, service-policy type inspect, and the policy name in-to-dmz1-policy. do show history. First of all we have defined the class-map, then the policy-map; in the policy-map we have called the class-map, then inspect; then the zone-pair: when source is inside, yes, traffic is coming from inside and going to DMZ, apply the policy-map.

Now for checking you have to go to inside, PC1, then start, run, cmd, telnet 10.100. Yes, it's not working. Do you know why it is not working? Go to R1, show running-config, because when we create a class-map, yes, we have created class-map in-to-dmz1, here you can see by default the condition is match-all. match-all means when all conditions will match, but it will never happen that all conditions will match. So what we have to do: instead of match-all we have to use the keyword match-any for the class-map. match-any means any protocol; if telnet, that should be in the state table. match-all means AND, match-any means OR expression; here we will define that any protocol matches: when traffic matches with any protocol, put that in the state table. show running-config: now we have changed the statement with match-any. Now again check: telnet working, http 192.168.10.100 working, https. Go to the server, do show history, yes, the https commands have run. Now it's working, but it takes some time, you have to have patience. Yes, OK, telnet is working, HTTP is working, HTTPS is working; remaining is SSH. For SSH you require PuTTY: 192.168.10.100, yes, yes, it's working. OK, now you can see from inside to DMZ is working, but no traffic will come from DMZ to inside. Go to DMZ: ping will not work, because there is no policy from DMZ to inside.

Now it is up to you. If we want that outside should be able to access DMZ, now, yes, we can do it. How we can do it: go to R1, then we can define from outside to DMZ telnet, SSH and ICMP. Now go to R1. We can do it here without an access-list; let's do it with an access-list. ip access-list extended out-to-dmz1-acl, permit, OK, permit tcp when source is 102.0 and destination is 10.0, eq 22 and 23, telnet and SSH, and then we have to define permit icmp, yes. do show history. We have defined when source is 102, destination is 10, for SSH, telnet and ICMP. Then create class-map type inspect, say match-any, out-to-dmz1-class, match access-group name, the access-group name is here, out-to-dmz1-acl. Then create policy-map type inspect, policy-map name out-to-dmz1-policy, class type inspect, and its name is out-to-dmz1-class, inspect. Yes, so what it is saying: inspect, it is saying no specific protocol configured. OK, then no problem. OK, then exit and exit. So then we have to create the zone-pair security, then out-to-dmz1, source outside, destination dmz1, service-policy type inspect, and your policy-map name is here, out-to-dmz1-policy. do show history. First of all we have created the access-list, the access-list in the class-map, the class-map in the policy-map, and the policy-map as the service-policy in the zone-pair. So we have defined SSH, telnet and ICMP. Go to PC2: ping working, telnet working, HTTP not working because we have not defined it in the ACL, but your SSH will work: 192.168.10.100, yes, shiva, shiva, yes. So this was our lab, how to configure a zone-based firewall on three interfaces, or with three zones. Thank you.
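The complete R1 configuration for the three-zone lab walked through above, written out as an added example rather than the video's own configuration (the video types the commands interactively, so the exact object names and interface types are not shown). It assumes the interfaces heard in the captions (f0/0 inside, f0/1 dmz1, f1/0 outside), expands the shorthand addresses to 192.168.101.0/24, 192.168.102.0/24 and 192.168.10.0/24, and uses the object names in-to-out-*, in-to-dmz1-* and out-to-dmz1-* as stand-ins for whatever was typed in the lab. The class-default drop is the implicit default, written out so the intent is visible.

```cisco
! Added example configuration for the three-zone ZBF lab; not the video's own config.
! Assumed: interface names, /24 masks, and the object names used below.
!
! 1. Zones and interface membership
zone security inside
zone security outside
zone security dmz1
!
interface FastEthernet0/0
 ip address 192.168.101.1 255.255.255.0
 zone-member security inside
 no shutdown
interface FastEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 zone-member security dmz1
 no shutdown
interface FastEthernet1/0
 ip address 192.168.102.1 255.255.255.0
 zone-member security outside
 no shutdown
!
! 2. inside -> outside: everything, classified through an any-to-any ACL
ip access-list extended in-to-out-acl
 permit ip any any
class-map type inspect match-any in-to-out-class
 match access-group name in-to-out-acl
policy-map type inspect in-to-out-policy
 class type inspect in-to-out-class
  inspect
 class class-default
  drop
zone-pair security in-to-out source inside destination outside
 service-policy type inspect in-to-out-policy
!
! 3. inside -> dmz1: only four protocols, classified without an ACL.
!    match-any is the fix shown in the video: the default match-all would require
!    one flow to be telnet AND ssh AND http AND https at once, so nothing matches.
class-map type inspect match-any in-to-dmz1-class
 match protocol telnet
 match protocol ssh
 match protocol http
 match protocol https
policy-map type inspect in-to-dmz1-policy
 class type inspect in-to-dmz1-class
  inspect
 class class-default
  drop
zone-pair security in-to-dmz1 source inside destination dmz1
 service-policy type inspect in-to-dmz1-policy
!
! 4. outside -> dmz1: PC2's subnet to the server subnet for ssh, telnet and icmp only.
!    An ACL-only class-map triggers the "no specific protocol configured" warning
!    seen in the video; inspection still tracks the TCP and ICMP sessions generically.
ip access-list extended out-to-dmz1-acl
 permit tcp 192.168.102.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 22
 permit tcp 192.168.102.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 23
 permit icmp 192.168.102.0 0.0.0.255 192.168.10.0 0.0.0.255
class-map type inspect match-any out-to-dmz1-class
 match access-group name out-to-dmz1-acl
policy-map type inspect out-to-dmz1-policy
 class type inspect out-to-dmz1-class
  inspect
 class class-default
  drop
zone-pair security out-to-dmz1 source outside destination dmz1
 service-policy type inspect out-to-dmz1-policy
!
! No zone-pair exists for dmz1 -> inside, dmz1 -> outside or outside -> inside,
! so those directions stay at the implicit drop. Return traffic for inspected
! sessions is permitted by the stateful inspect action, not by a reverse pair.
! Verify open sessions per pair with:
!   show policy-map type inspect zone-pair in-to-dmz1 sessions
```

The three zone-pairs are deliberately one-directional: the only path the lab opens toward the inside zone is the return half of sessions that inside hosts initiated, which is what the ping and telnet tests from the DMZ and from PC2 toward PC1 demonstrate when they fail.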
Info
Channel: I-MEDITA (IT Training Academy)
Views: 864
Keywords: How to Configure Zone-Based Firewall with Three Zones, Zone-based firewall Configuration, Zone-Based Policy Firewall, Zone Based Firewall Configuration Example, Cisco Zone Based Firewall Step By Step, Cisco Zone based Firewall Configuration Example, IOS Zone-Based Firewall, Cisco IOS Zone-Based Firewalls, Configure ZBF, What is Zone-based policy firewall, Cisco ASA zone based firewall, Zone-Based Policy Firewall (ZBPF), zone based firewall, firewall, cisco, imedita
Id: T6ytyscGW5s
Length: 20min 16sec (1216 seconds)
Published: Thu Jun 17 2021