I will have a task to configure a Cisco 1811 router as a gateway/router device. It has three interfaces. G0/0 is the WAN link to the internet. G0/1 and G0/2 are for internal connections. (I made up the interface names; they can be different.)
As you can see, G0/1 will be in another public IP range. The router will just do routing. There is no filtering, throttling or NATing between G0/1 and G0/0. G0/2 will be in a private IP range. NAT/PAT and firewalling are required between G0/2 and G0/0 or G0/1.
I haven't done this type of config (using a router as a gateway) for a long time. I used to use the "Classic IOS firewall" with the "ip inspect" commands. It looks like there is a new way of configuring it, called "Zone based firewall". I guess my first question is: do I use the new ZBF or the old IOS firewall?
If I'm suggested to use ZBF, how do I define zones? Do I define three zones or just two? I don't need firewalling between G0/2 and G0/1. I only need NAT/PAT. Can I put them into the same zone? Will ZBF require any configuration to allow traffic passing between interfaces of the same zone?
Any advice is welcome.
My recommendation would be to start the CLI configuration for ZBFW from scratch, as it will appear to be much simpler than if you configure it through SDM. SDM throws in a lot of unnecessary configuration lines that will just confuse you even more. You can of course try to use the SDM template and see how it looks in the CLI; if you don't mind it, then you can tweak it. Otherwise, if it gets really complicated, you can just remove the zone-based config and start from scratch.
Hope that helps.
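The zone layout the question asks about, written as Cisco IOS ZBFW CLI in the spirit of the answer's start-from-scratch advice. This is an added example, not configuration from either poster: it keeps the asker's placeholder interface names, uses constructed addresses, and assumes the two public-facing interfaces can share one zone (ZBFW permits traffic between interfaces of the same zone by default, so no zone-pair is needed for G0/0 to G0/1 routing).

```cisco
! Added example, not from the thread. Two zones: G0/0 and G0/1 share OUTSIDE
! so traffic between them is routed with no inspection; G0/2 is alone in
! INSIDE and is NATed and statefully inspected toward OUTSIDE. With no
! OUTSIDE->INSIDE zone-pair, unsolicited traffic into INSIDE is dropped.
! All addresses below are constructed placeholders.
zone security INSIDE
zone security OUTSIDE
!
interface GigabitEthernet0/0
 description WAN to internet
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
 zone-member security OUTSIDE
!
interface GigabitEthernet0/1
 description public LAN, routed only (same zone as WAN)
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 zone-member security OUTSIDE
!
interface GigabitEthernet0/2
 description private LAN, NAT/PAT + firewall
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 zone-member security INSIDE
!
! PAT the private LAN behind the WAN address. Both public interfaces are
! "ip nat outside", so G0/2 -> G0/1 traffic is translated as well; this
! single statement always uses the G0/0 address for the translation.
ip access-list standard NAT-INSIDE
 permit 192.168.10.0 0.0.0.255
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0 overload
!
! Layer 4 inspection for sessions initiated from INSIDE; return traffic is
! matched against the session table, anything else hits class-default.
class-map type inspect match-any INSIDE-TO-OUTSIDE-CLASS
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE-CLASS
  inspect
 class class-default
  drop
!
zone-pair security INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
```

Verify the result with `show zone-pair security` and `show policy-map type inspect zone-pair sessions` while a host on G0/2 opens a connection; a separate OUTSIDE-to-INSIDE zone-pair is only needed if something inside must be reachable from the public side.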