WB VOL I - 2.14 Classic IOS Transparent Firewall

• VLAN23 users are only allowed to initiate FTP, HTTP and DNS connections to the servers on VLAN 100 and not allowed to access VLAN13.


How is that possible using CBAC?


2.15 ZFW-Based IOS Transparent Firewall
• Modify the previous scenario to use CPL for the firewall configuration.

Now, using ZFW, you can stop traffic from VLAN 23 to VLAN 13, but in 2.15 the resolution has you make VLAN 23 talk to VLAN 13, which is not allowed by the task.


The config:

zone-pair security ZP_OUTSIDE_TO_INSIDE source OUTSIDE destination INSIDE
 service-policy type inspect PMAP_OUTSIDE_TO_INSIDE


But there is no PMAP_OUTSIDE_TO_INSIDE.


