Task 6.2 Zone-based FW

I agree, though if you are in a rush you'd opt for the quicker solution with the match input interface, but this worked for me:

Create zones for BB2 and BB3
Create zone-pairs for them but leave them empty (drops all)
Create zone LAN (all other interfaces)
Create zone-pairs and just pass all traffic. Would this receive points?

policy-map type inspect PASS
 class class-default
  pass
!
zone security BB2
zone security BB3
zone security LAN
!
zone-pair security BB2BB3 source BB2 destination BB3
zone-pair security BB3BB2 source BB3 destination BB2
zone-pair security BB3LAN source BB3 destination LAN
 service-policy type inspect PASS
zone-pair security BB2LAN source BB2 destination LAN
 service-policy type inspect PASS
zone-pair security LANBB2 source LAN destination BB2
 service-policy type inspect PASS
zone-pair security LANBB3 source LAN destination BB3
 service-policy type inspect PASS
!
interface FastEthernet0/0
 zone-member security LAN
!
interface FastEthernet0/1.52
 zone-member security BB2
!
interface FastEthernet0/1.53
 zone-member security BB3
!
interface Serial0/0/0
 zone-member security LAN
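
An added example, not part of the original post: a small Python check that reads the policy-map and zone-pair lines of a configuration like the one above and reports the effective action per direction, so the intended result (BB2 and BB3 isolated from each other, everything else passed) can be confirmed before grading. The function names are hypothetical, the embedded configuration is a constructed copy of the posted lines, and only the `class-default` action is evaluated, which is all the posted policy uses.

```python
import re

# Constructed input: the policy-map and zone-pair lines of the configuration posted above.
CONFIG = """\
policy-map type inspect PASS
 class class-default
  pass
zone-pair security BB2BB3 source BB2 destination BB3
zone-pair security BB3BB2 source BB3 destination BB2
zone-pair security BB3LAN source BB3 destination LAN
 service-policy type inspect PASS
zone-pair security BB2LAN source BB2 destination LAN
 service-policy type inspect PASS
zone-pair security LANBB2 source LAN destination BB2
 service-policy type inspect PASS
zone-pair security LANBB3 source LAN destination BB3
 service-policy type inspect PASS
"""

def parse(config):
    """Return ({policy: class-default action}, {(src, dst): attached policy or None})."""
    policies, pairs = {}, {}
    policy = pair = cls = None
    for line in map(str.strip, config.splitlines()):
        words = line.split()
        if m := re.fullmatch(r"policy-map type inspect (\S+)", line):
            policy, pair, cls = m[1], None, None
            policies[policy] = "drop"  # class-default drops unless an action is configured
        elif m := re.fullmatch(r"zone-pair security \S+ source (\S+) destination (\S+)", line):
            pair, policy = (m[1], m[2]), None
            pairs[pair] = None  # no policy attached yet
        elif pair and (m := re.fullmatch(r"service-policy type inspect (\S+)", line)):
            pairs[pair] = m[1]
        elif policy and words[:1] == ["class"]:
            cls = words[-1]
        elif policy and cls == "class-default" and words[:1] in (["pass"], ["drop"], ["inspect"]):
            policies[policy] = words[0]
    return policies, pairs

def zone_pair_verdicts(config):
    """Effective class-default action for each configured zone-pair direction."""
    policies, pairs = parse(config)
    return {
        pair: f"{policies.get(name, 'drop')} (policy {name})" if name
        else "drop (no service-policy attached)"
        for pair, name in pairs.items()
    }

if __name__ == "__main__":
    for (src, dst), result in zone_pair_verdicts(CONFIG).items():
        print(f"{src:>3} -> {dst:<3}  {result}")
```

Because `pass` keeps no session state, return traffic is only allowed where the reverse zone-pair also carries a policy, which is why the check reports each direction separately.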
 
