1. Create the following Zones
a. Private
b. DMZ
c. Public
2. Assign the zones to the appropriate interface
a. FA 0/0 and FA 0/1 are part of the “Private” zone
b. Eth 0/0/0 is part of the “DMZ” zone
c. Eth 0/1/0 is part of the “Public” zone
You need to create the correct class-maps to identify the type of traffic, apply the class-maps in the correct policy-maps, and then create zone-pairs to accomplish the following:
1. Allow the .10 subnet and the .20 subnet full access to each other.
2. Allow the Private Zone to have full access to the DMZ
a. Allow NO traffic originating in the DMZ into the Private Zone
3. Allow HTTP traffic from the Public Zone into the DMZ.
4. Allow FTP traffic from the Public Zone into the DMZ.
5. Allow traffic from the DMZ Zone destined for any DNS server in the Public Zone
6. Allow traffic from the DMZ Zone destined for any HTTPS server in the Public Zone
7. Allow pings from the DMZ Zone to the Public Zone
8. Allow the Private Zone to have full access to the Public Zone EXCEPT:
a. Do not allow traffic from the Private Zone to a Public DNS Server
b. Do not allow traffic from the Private Zone to a Public HTTPS Server
c. Do not allow traffic from the Private Zone to a Public SMTP Server
d. Do not allow any traffic originating in the Public Zone into the Private Zone
Once completed, copy the router configuration AS WELL AS the results of “show policy-map type inspect zone-pair sessions” and paste both into a text file.
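One way to express the requirements above as an IOS zone-based firewall configuration. This is an added example, not part of the original assignment: the CM-/PM-/ZP- names are assumptions, the interface names are expanded from the abbreviations above, and "full access" is approximated as all TCP, UDP and ICMP.

```cisco
! Added example. CM-/PM-/ZP- names are assumptions; "full access" = TCP+UDP+ICMP
zone security Private
zone security DMZ
zone security Public
interface FastEthernet0/0
 zone-member security Private
interface FastEthernet0/1
 zone-member security Private
interface Ethernet0/0/0
 zone-member security DMZ
interface Ethernet0/1/0
 zone-member security Public
class-map type inspect match-any CM-ALL
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-any CM-PUB-DMZ
 match protocol http
 match protocol ftp
class-map type inspect match-any CM-DMZ-PUB
 match protocol dns
 match protocol https
 match protocol icmp
class-map type inspect match-any CM-PRIV-PUB-DENY
 match protocol dns
 match protocol https
 match protocol smtp
policy-map type inspect PM-PRIV-DMZ
 class type inspect CM-ALL
  inspect
policy-map type inspect PM-PUB-DMZ
 class type inspect CM-PUB-DMZ
  inspect
policy-map type inspect PM-DMZ-PUB
 class type inspect CM-DMZ-PUB
  inspect
! Exceptions first: classes are evaluated top-down and the first match wins
policy-map type inspect PM-PRIV-PUB
 class type inspect CM-PRIV-PUB-DENY
  drop
 class type inspect CM-ALL
  inspect
zone-pair security ZP-PRIV-DMZ source Private destination DMZ
 service-policy type inspect PM-PRIV-DMZ
zone-pair security ZP-PUB-DMZ source Public destination DMZ
 service-policy type inspect PM-PUB-DMZ
zone-pair security ZP-DMZ-PUB source DMZ destination Public
 service-policy type inspect PM-DMZ-PUB
zone-pair security ZP-PRIV-PUB source Private destination Public
 service-policy type inspect PM-PRIV-PUB
```

No zone-pair has Private as its destination, so sessions originating in the DMZ or Public zone toward Private are dropped, while return traffic for inspected sessions is still allowed. The .10 and .20 subnets need no policy because both interfaces are members of the same zone, where traffic flows by default.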