How would I apply an ACL 110 inbound on an appropriate interface to deny all IP traffic, an ACL 120 to permit TCP port 443 traffic and permit any ICMP traffic and configure an inspection that inspects appropriate packets?
Is this right? Here's my reasonable effort displayed, just confirming:
access-list 110 deny ip any any
access-list 120 permit tcp any eq 443 any
access-list 120 permit icmp any any echo
hostname(config)# class-map inspection_default
hostname(config-cmap)# match access-list inspect
No comments:
Post a Comment