Wednesday, September 29, 2021

Classic Firewall - Configuring ACL Inbound

How would I apply an ACL 110 inbound on an appropriate interface to deny all IP traffic, an ACL 120 to permit TCP port 443 traffic and permit any ICMP traffic and configure an inspection that inspects appropriate packets?

Is this right? Here's my reasonable effort displayed, just confirming:

access-list 110 deny ip any any

access-list 120 permit tcp any eq 443 any

access-list 120 permit icmp any any echo

hostname(config)# class-map inspection_default

hostname(config-cmap)# match access-list inspect



No comments:

Post a Comment