Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
0
Helpful
0
Replies

help Zone Based Firewall

usuario0001
Level 1
Level 1

‎09-08-2009 12:07 AM - edited ‎03-11-2019 09:13 AM

I have a site-to-site vpn with two 2811 Cisco Routers with 2 interfaces each

(LAN and WAN) and a GRE Tunnel. I have an ACL implemented to allow some PCs to have access to the VPN and another PCs to have access to Internet but deny access to vpn.

I want to implement Zone Based Firewall, but I don't know how many zone-pair do I

have to configure. I think I need one private-to-vpn, one vpn-to-private, one

private-to-public, but I don't know if I need to configure one public-to-private zone pair if I need to telnet/ssh the router from a public IP from outside Internet.

I have also some doubts about ACLs and class-maps. I don't know if I have to include these ACLs in class-maps. Or if I have different zones for each interface (include GRE Tunnel) is enough.

Another question is that I have read several configurations to block P2P and Instant messaging, but each of them is for a specific applications, and I'd like to know if there is a way to block all of them or I have to block each individual protocol.

Thanks and best regards.

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card