Step 1 | enable
Example:
|
Enables privileged EXEC mode.
|
Step 2 | configure terminal
Example:
Device# configure terminal
|
Enters global configuration mode.
|
Step 3 | ip wccp service-id
Example:
Device(config)# ip wccp 61
|
Enters the Web Cache Communication Protocol (WCCP) dynamically defined service identifier number.
|
Step 4 | ip wccp service-id
Example:
Device(config)# ip wccp 62
|
Enters the Web Cache Communication Protocol (WCCP) dynamically defined service identifier number.
|
Step 5 | log dropped-packets enable
Example:
Device(config-profile)# log dropped-packets enable
|
|
Step 6 | max-incomplete low
Example:
Device(config)# max-incomplete low 18000
|
|
Step 7 | max-incomplete high
Example:
Device(config)# max-incomplete high 20000
|
|
Step 8 | class-map type inspect class-name
Example:
Device(config)# class-map type inspect most-traffic
|
Creates an inspect type class map for the traffic class and enters class-map configuration mode.
Note | The class-map type inspect most-traffic command is hidden.
|
Step 9 | match protocol protocol-name [signature]
Example:
Device(config-cmap)# match protocol http
|
Configures match criteria for a class map on the basis of a specified protocol.
|
Step 10 | exit
Example:
Device(config-cmap)# exit
|
Exits class-map configuration mode and returns to global configuration mode.
|
Step 11 | policy-map type inspect policy-map-name
Example:
Device(config)# policy-map type inspect p1
|
Creates a Layer 3 and Layer 4 inspect type policy map and enters policy-map configuration mode.
|
Step 12 | class class-default
Example:
Device(config-pmap)# class class-default
|
Specifies the matching of the system default class.
|
Step 13 | class-map type inspect class-name
Example:
Device(config-pmap)# class-map type inspect most-traffic
|
Specifies the firewall traffic (class) map on which an action is to be performed and enters policy-map class configuration mode.
|
Step 14 | inspect
Example:
Device(config-pmap-c)# inspect
|
Enables Cisco stateful packet inspection.
|
Step 15 | exit
Example:
Device(config-pmap-c)# exit
|
Exits policy-map class configuration mode and returns to policy-map configuration mode.
|
Step 16 | exit
Example:
Device(config-pmap)# exit
|
Exits policy-map configuration mode and returns to global configuration mode.
|
Step 17 | zone security zone-name
Example:
Device(config)# zone security zone1
|
Creates a security zone to which interfaces can be assigned and enters security zone configuration mode.
|
Step 18 | description line-of-description
Example:
Device(config-sec-zone)# description Internet Traffic
|
(Optional) Describes the zone.
|
Step 19 | exit
Example:
Device(config-sec-zone)# exit
|
Exits security zone configuration mode and returns to global configuration mode.
|
Step 20 | zone-pair security zone-pair-name [source source-zone-name | self] destination [self | destination-zone-name]
Example:
Device(config)# zone-pair security zp source z1 destination z2
|
Creates a zone pair and enters security zone configuration mode.
Note | To apply a policy, you must configure a zone pair.
|
Step 21 | description line-of-description
Example:
Device(config-sec-zone)# description accounting network
|
(Optional) Describes the zone pair.
|
Step 22 | exit
Example:
Device(config-sec-zone)# exit
|
Exits security zone configuration mode and returns to global configuration mode.
|
Step 23 | interface type number
Example:
Device(config)# interface ethernet 0
|
Specifies an interface and enters interface configuration mode.
|
Step 24 | description line-of-description
Example:
Device(config-if)# description zone interface
|
(Optional) Describes an interface.
|
Step 25 | zone-member security zone-name
Example:
Device(config-if)# zone-member security zone1
|
Assigns an interface to a specified security zone.
Note | When you make an interface a member of a security zone, all traffic in and out of that interface (except the traffic bound for the device or initiated by the device) is dropped by default. To let traffic through the interface, you must make the zone part of a zone pair to which you apply a policy. If the policy permits traffic, traffic can flow through that interface.
|
Step 26 | ip address ip-address
Example:
Device(config-if)# ip address 10.70.0.1 255.255.255.0
|
Assigns an interface IP address for the security zone.
|
Step 27 | ip wccp service-id {group-listen | redirect {in | out}}
Example:
Device(config-if)# ip wccp 61 redirect in
|
Specifies WCCP parameters on the interface.
|
Step 28 | exit
Example:
|
Exits interface configuration mode and returns to global configuration mode.
|
Step 29 | zone-pair security zone-pair-name {source source-zone-name | self} destination [self | destination-zone-name]
Example:
Device(config)# zone-pair security zp source z1 destination z2
|
Creates a zone pair and enters security zone-pair configuration mode.
|
Step 30 | service-policy type inspect policy-map-name
Example:
Device(config-sec-zone-pair)# service-policy type inspect p2
|
Attaches a firewall policy map to the destination zone pair.
Note | If a policy is not configured between a pair of zones, traffic is dropped by default.
|
Step 31 | end
Example:
Device(config-sec-zone-pair)# end
|
Exits security zone-pair configuration mode and returns to privileged EXEC mode.
|
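Because traffic is dropped by default when a zone has no zone pair with a policy, a name mismatch between the steps silently blocks the redirected traffic. The following check is an added example, not Cisco code: the function name audit_zone_config is hypothetical, and the sample input is constructed from the example commands in the steps above (which use zone1 in one place and z1/z2 in another, and p1 versus p2), assuming a running-configuration layout in which sub-mode commands are indented by one space.

```python
import re

# Constructed sample built from the example commands in the steps above.
SAMPLE_CONFIG = """\
policy-map type inspect p1
zone security zone1
interface ethernet 0
 zone-member security zone1
 ip wccp 61 redirect in
zone-pair security zp source z1 destination z2
 service-policy type inspect p2
"""

def audit_zone_config(text):
    """Return sorted findings for undefined zones/policies and unpoliced zones."""
    zones, policies, members, pairs = set(), set(), [], {}
    iface = pair = None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command leaves any sub-mode
            iface = pair = None
        if m := re.fullmatch(r"zone security (\S+)", line):
            zones.add(m[1])
        elif m := re.fullmatch(r"policy-map type inspect (\S+)", line):
            policies.add(m[1])
        elif m := re.fullmatch(r"interface (.+)", line):
            iface = m[1]
        elif iface and (m := re.fullmatch(r"zone-member security (\S+)", line)):
            members.append((iface, m[1]))
        elif m := re.fullmatch(r"zone-pair security (\S+) source (\S+) destination (\S+)", line):
            pair = m[1]
            pairs[pair] = [m[2], m[3], None]
        elif pair and (m := re.fullmatch(r"service-policy type inspect (\S+)", line)):
            pairs[pair][2] = m[1]
    # Zones that appear in at least one zone pair that has a policy attached.
    policed = {z for src, dst, pol in pairs.values() if pol for z in (src, dst)}
    out = []
    for ifname, zone in members:
        if zone not in zones:
            out.append(f"interface {ifname}: zone {zone} is not defined")
        if zone not in policed:
            out.append(f"interface {ifname}: zone {zone} is in no zone pair with a policy")
    for name, (src, dst, pol) in pairs.items():
        out += [f"zone-pair {name}: zone {z} is not defined"
                for z in (src, dst) if z != "self" and z not in zones]
        if pol is None:
            out.append(f"zone-pair {name}: no service-policy attached")
        elif pol not in policies:
            out.append(f"zone-pair {name}: policy-map {pol} is not defined")
    return sorted(out)
```

Calling audit_zone_config(SAMPLE_CONFIG) reports four findings; using one set of zone and policy-map names throughout the procedure clears them.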