I have a site-to-site VPN with two Cisco 2811 routers with two interfaces each (LAN and WAN) and a GRE tunnel. I have an ACL implemented to allow some PCs to access the VPN and other PCs to access the Internet but not the VPN.
I want to implement Zone-Based Firewall, but I don't know how many zone-pairs I have to configure. I think I need one private-to-vpn, one vpn-to-private and one private-to-public, but I don't know whether I need to configure a public-to-private zone-pair if I need to telnet/ssh to the router from a public IP on the Internet.
I also have some doubts about ACLs and class-maps. I don't know whether I have to include these ACLs in class-maps, or whether having a different zone for each interface (including the GRE tunnel) is enough.
Another question: I have read several configurations to block P2P and instant messaging, but each of them is for a specific application, and I'd like to know whether there is a way to block all of them or whether I have to block each individual protocol.
Many questions in one post :-) Regarding the Zone-Based Policy Firewall, I believe that instead of explaining its basics here, you should refer to the guides and examples published on the Cisco website. They are very helpful and I think they will answer most of your questions. I suggest reading these:
I had already read these documents (and many others) but I still have a lot of doubts.
My message was very long, so to begin, I only need to know these two things:
Do I need to configure a public-to-private zone-pair if I need to telnet/ssh to the router from a public IP on the Internet? (All the configurations I have seen don't have a zone-pair in this direction.)
If I have configured several ACLs, do I have to include them in new class-maps, or is it enough to have different zones for each interface (including the GRE tunnel)?
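The following is an added worked example, not configuration posted by anyone in this thread, showing how the pieces the two questions ask about fit together on a 2811 with one LAN interface, one WAN interface and a GRE tunnel. All interface names, addresses, ACL names and class/policy names are assumptions for illustration. The two points it illustrates: traffic to the router itself (SSH, and the GRE packets that terminate on the router) belongs to the built-in "self" zone, so management access needs a public-to-self zone-pair, not a public-to-private one; and zones only say which interface belongs to which trust domain, while the "which hosts" decision lives in ACLs referenced from `class-map type inspect`.

```cisco
! Added example, not part of the thread. Interface names, addresses,
! ACL names and class/policy names below are assumptions.
!
! One zone per trust domain. Tunnel0 carries the decapsulated site-to-site
! traffic, so it gets its own zone; the outer GRE packets arrive on the WAN
! interface and terminate on the router itself (the built-in "self" zone).
zone security private
zone security public
zone security vpn
!
! ACLs answer "which hosts"; the class-maps below bind them to protocols.
ip access-list extended ACL-VPN-HOSTS
 permit ip host 192.168.1.10 10.1.0.0 0.0.255.255
 permit ip host 192.168.1.11 10.1.0.0 0.0.255.255
ip access-list extended ACL-INET-HOSTS
 permit ip host 192.168.1.20 any
 permit ip host 192.168.1.21 any
ip access-list extended ACL-REMOTE-SITE
 permit ip 10.1.0.0 0.0.255.255 192.168.1.0 0.0.0.255
ip access-list extended ACL-MGMT-SRC
 permit tcp host 203.0.113.5 any eq 22
ip access-list extended ACL-GRE
 permit gre host 198.51.100.2 host 198.51.100.1
!
! match-all: the ACL (who) AND the protocol (what) must both match
class-map type inspect match-any CM-ANY-IP
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-all CM-PRIV-TO-VPN
 match access-group name ACL-VPN-HOSTS
 match class-map CM-ANY-IP
class-map type inspect match-all CM-VPN-TO-PRIV
 match access-group name ACL-REMOTE-SITE
 match class-map CM-ANY-IP
class-map type inspect match-all CM-PRIV-TO-INET
 match access-group name ACL-INET-HOSTS
 match class-map CM-ANY-IP
class-map type inspect match-all CM-SSH-TO-ROUTER
 match access-group name ACL-MGMT-SRC
 match protocol ssh
class-map type inspect match-all CM-GRE-TO-ROUTER
 match access-group name ACL-GRE
!
policy-map type inspect PM-PRIV-TO-VPN
 class type inspect CM-PRIV-TO-VPN
  inspect
 class class-default
  drop log
policy-map type inspect PM-VPN-TO-PRIV
 class type inspect CM-VPN-TO-PRIV
  inspect
 class class-default
  drop log
policy-map type inspect PM-PRIV-TO-INET
 class type inspect CM-PRIV-TO-INET
  inspect
 class class-default
  drop log
! Router-bound traffic: inspect SSH, pass GRE. Once a public->self pair
! exists, anything it does not match is dropped, so GRE must be listed here
! or the tunnel goes down. "pass" is stateless; the router's own outbound
! GRE stays allowed because no self->public pair is defined.
policy-map type inspect PM-PUBLIC-TO-SELF
 class type inspect CM-SSH-TO-ROUTER
  inspect
 class type inspect CM-GRE-TO-ROUTER
  pass
 class class-default
  drop log
!
! Zone-pairs are unidirectional; "inspect" admits the return traffic of the
! sessions it created, so replies need no mirror pair. Only sessions that
! the remote site initiates need the vpn->private pair.
zone-pair security PRIV-TO-VPN source private destination vpn
 service-policy type inspect PM-PRIV-TO-VPN
zone-pair security VPN-TO-PRIV source vpn destination private
 service-policy type inspect PM-VPN-TO-PRIV
zone-pair security PRIV-TO-INET source private destination public
 service-policy type inspect PM-PRIV-TO-INET
zone-pair security PUBLIC-TO-SELF source public destination self
 service-policy type inspect PM-PUBLIC-TO-SELF
! No public->private pair: hosts on the Internet cannot initiate into the
! LAN, and management access does not need one because SSH to the router
! is public->self traffic.
!
interface FastEthernet0/0
 description LAN
 zone-member security private
interface FastEthernet0/1
 description WAN
 zone-member security public
interface Tunnel0
 description GRE to remote site
 zone-member security vpn
```

Two caveats a practitioner will want. First, traffic to and from the self zone is allowed by default only until a zone-pair involving self exists; the moment PUBLIC-TO-SELF is configured, every router-bound protocol that must keep working (GRE here, and UDP/500, UDP/4500 and ESP if the GRE tunnel is protected by IPsec, plus any routing protocol spoken on the WAN side) has to be explicitly matched and passed or inspected in that policy. Second, an interface that is in no zone cannot exchange traffic with an interface that is in a zone, so once one interface is zoned, all of them (the tunnel interface included) must be.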