I have a site-to-site VPN with two Cisco 2811 routers with 2 interfaces each (LAN and WAN) and a GRE tunnel. I have an ACL implemented to allow some PCs to have access to the VPN and other PCs to have access to the Internet but deny access to the VPN.

I want to implement Zone-Based Firewall, but I don't know how many zone-pairs I have to configure. I think I need one private-to-vpn, one vpn-to-private, and one private-to-public, but I don't know if I need to configure a public-to-private zone-pair if I need to telnet/SSH to the router from a public IP on the outside Internet.

I also have some doubts about ACLs and class-maps. I don't know if I have to include these ACLs in class-maps, or if having different zones for each interface (including the GRE tunnel) is enough.

Another question is that I have read several configurations to block P2P and instant messaging, but each of them is for a specific application, and I'd like to know if there is a way to block all of them or if I have to block each individual protocol.
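As an added example (not part of the original post, and not the poster's configuration), here is one way the setup described above maps onto IOS Zone-Based Firewall: one zone per interface (LAN, WAN, and the GRE tunnel), plus the router's built-in `self` zone. Interface names, zone names, ACL names, addresses and the peer address are all assumptions. Two points the example is meant to show: traffic to the router itself (SSH, but also the ISAKMP/ESP/GRE packets that terminate on the WAN interface) belongs to the `self` zone, so management access from the Internet is a WAN-to-self zone-pair rather than a public-to-private one, and as soon as a policy exists on that pair the tunnel transport has to be permitted there too or the VPN stops working. ACLs are not applied to interfaces in ZBF; they are referenced from class-maps (via `match access-group`) to select which hosts a class covers. For P2P and IM, `match protocol` names each NBAR-recognised protocol individually, so the blocked applications are listed one by one.

```cisco
! Assumed topology for this example (not the original poster's values):
!   FastEthernet0/0 = LAN, 192.168.1.0/24
!   FastEthernet0/1 = WAN, public IP 203.0.113.1, IPsec/GRE peer 198.51.100.1
!   Tunnel0         = GRE over IPsec, remote LAN 192.168.2.0/24
!
! --- Zones: one per interface. "self" (the router) exists implicitly.
zone security LAN
zone security WAN
zone security VPN
!
interface FastEthernet0/0
 zone-member security LAN
interface FastEthernet0/1
 zone-member security WAN
interface Tunnel0
 zone-member security VPN
!
! --- ACLs pick WHICH hosts. They are referenced from class-maps, not bound to interfaces.
ip access-list extended VPN-USERS
 permit ip host 192.168.1.10 192.168.2.0 0.0.0.255
 permit ip host 192.168.1.11 192.168.2.0 0.0.0.255
ip access-list extended INET-USERS
 permit ip 192.168.1.0 0.0.0.255 any
! Traffic terminating on the router from the Internet: tunnel transport plus SSH from one admin host.
ip access-list extended WAN-TO-ROUTER
 permit udp host 198.51.100.1 host 203.0.113.1 eq 500
 permit udp host 198.51.100.1 host 203.0.113.1 eq 4500
 permit esp host 198.51.100.1 host 203.0.113.1
 permit gre host 198.51.100.1 host 203.0.113.1
 permit tcp host 198.51.100.7 host 203.0.113.1 eq 22
!
! --- Class-maps: match-all combines "who" (ACL) with "what" (protocols, nested as match-any).
class-map type inspect match-any CM-PROTOS
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-all CM-LAN-TO-VPN
 match access-group name VPN-USERS
 match class-map CM-PROTOS
class-map type inspect match-all CM-LAN-TO-WAN
 match access-group name INET-USERS
 match class-map CM-PROTOS
class-map type inspect match-any CM-VPN-TO-LAN
 match protocol tcp
 match protocol udp
 match protocol icmp
! NBAR names each P2P/IM protocol separately; extend this list per application.
class-map type inspect match-any CM-P2P-IM
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
 match protocol msn-messenger
 match protocol yahoo-messenger
class-map type inspect match-all CM-WAN-TO-SELF
 match access-group name WAN-TO-ROUTER
!
! --- Policies. "inspect" is stateful: replies come back without a reverse zone-pair.
policy-map type inspect PM-LAN-TO-VPN
 class type inspect CM-LAN-TO-VPN
  inspect
 class class-default
  drop log
policy-map type inspect PM-LAN-TO-WAN
 class type inspect CM-P2P-IM
  drop log
 class type inspect CM-LAN-TO-WAN
  inspect
 class class-default
  drop log
policy-map type inspect PM-VPN-TO-LAN
 class type inspect CM-VPN-TO-LAN
  inspect
 class class-default
  drop log
! "pass" is stateless; replies leave as self->WAN, which stays permitted because no
! self->WAN zone-pair is defined (traffic to/from self is allowed until a pair restricts it).
policy-map type inspect PM-WAN-TO-SELF
 class type inspect CM-WAN-TO-SELF
  pass
 class class-default
  drop log
!
! --- Zone-pairs. No WAN->LAN pair exists, so the Internet cannot initiate into the LAN.
zone-pair security LAN-VPN source LAN destination VPN
 service-policy type inspect PM-LAN-TO-VPN
zone-pair security VPN-LAN source VPN destination LAN
 service-policy type inspect PM-VPN-TO-LAN
zone-pair security LAN-WAN source LAN destination WAN
 service-policy type inspect PM-LAN-TO-WAN
zone-pair security WAN-SELF source WAN destination self
 service-policy type inspect PM-WAN-TO-SELF
```

Because `inspect` is stateful, the VPN-to-LAN pair is only needed if hosts on the remote LAN initiate sessions towards the local LAN; replies to locally initiated sessions are already allowed by the LAN-to-VPN inspection. The PC that is in INET-USERS but not in VPN-USERS never matches CM-LAN-TO-VPN, so its traffic towards the tunnel falls into class-default on LAN-VPN and is dropped, which reproduces the ACL split described in the question. Check the result with `show policy-map type inspect zone-pair sessions` and `show zone-pair security`.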