This is a duplicate question to the one further up in the list that I have already answered, but I will post the config here also.
ip access-list extended web-to-dmzServer-acl
permit tcp any host 192.168.2.3 80
permit tcp any host 192.168.2.3 443
class-map type inspect match-any web-to-dmzServer-cmap
match access-group web-to-dmzServer-acl
policy-map type inspect web-to-dmzServer-pmap
class type inspect web-to-dmzServer-cmap
inspect
zone security dmz
description DMZ services
zone security web
description Internet
zone-pair security web-to-dmz-pair source web destination dmz
interface Gig0/0/0
description Internet
zone-member security web
interface Gig0/0/1
description DMZ
zone-member security dmz
Verification:
show policy-map type inspect zone web
show policy-map type inspect zone dmz
show policy-map type inspect zone-pair web-to-dmz-pair
--
Please remember to select a correct answer and rate helpful posts