Tags

,

Creating security zones.

# conf t
# zone security IN-ZONE
# zone security OUT-ZONE

 

Assigning interfaces as zone member.

# conf t
# int f0/0
# zone-member security IN-ZONE
#
# int s0/1/0
# zone-member security OUT-ZONE

 

Create class map and assigning the class map to a policy map.

# conf t
# class-map type inspect match-any ICMP-CLASS
# match protocol icmp
# exit

# policy-map type inspect ICMP-POLICY
# class type inspect ICMP-CLASS
# inspect
# end

 

Create zone pair and assigning the policy map to it.

# conf t
# zone-pair security IN-OUT source IN-ZONE destination OUT-ZONE
# service-policy type inspect ICMP-POLICY
# exit
# zone-pair security OUT-IN source OUT-ZONE destination IN-ZONE
# service-policy type inspect ICMP-POLICY

 

After entering the commands above, we should now be able to ping across IN-ZONE and OUT-ZONE.

Advertisements