zbf…

zbfw

the router is a firewall…

lan#ping 192.168.23.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/40 ms
lan#

a great way to test protocols is using telnet… if it opens, the protocol gets through…

lan#telnet 192.168.23.3 80
Trying 192.168.23.3, 80 … Open

a nice sidebar from: http://www.networksorcery.com/enp/protocol/tcp.htm

create zones and place them on the proper interfaces and your firewall is alive…

fw(config)#zone security inside
fw(config-sec-zone)#exit
fw(config)#zone security outside
fw(config-sec-zone)#int f0/0
fw(config-if)#zone-member security inside
fw(config-if)#int f0/1
fw(config-if)#zone-member security outside

bye bye http… with the interfaces in different zones and no zone-pair yet, traffic between them is dropped:

lan#telnet 192.168.23.3 80
Trying 192.168.23.3, 80 …
% Connection timed out; remote host not responding

a class map identifies traffic…

fw(config)#class-map type inspect match-any CMAP
fw(config-cmap)#match proto icmp
fw(config-cmap)#match proto http
fw(config-cmap)#exit

a policy map calls the class map for its identified traffic and acts upon it…

fw(config)#policy-map type inspect PMAP
fw(config-pmap)#class type inspect CMAP
fw(config-pmap-c)#inspect
fw(config-pmap-c)#exit
fw(config-pmap)#exit

specify the zones and direction as a pair, and apply the policy map…

fw(config)#zone-pair security in_out source inside dest outside
fw(config-sec-zone-pair)#service-policy type inspect PMAP
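a quick way to sanity-check the whole thing from a saved config… this python script is an added example, not from the original post; it parses the zbfw statements out of show run text and flags what silently drops traffic (the config text inside it is built from the commands above, the interface names are assumed)…

```python
import re
# Constructed "show run" excerpt assembled from the commands on this page.
SAMPLE_CONFIG = """\
zone security inside
zone security outside
interface FastEthernet0/0
 zone-member security inside
interface FastEthernet0/1
 zone-member security outside
class-map type inspect match-any CMAP
 match protocol icmp
 match protocol http
policy-map type inspect PMAP
 class type inspect CMAP
  inspect
zone-pair security in_out source inside destination outside
 service-policy type inspect PMAP
"""
def blocks(config, header):
    """(name, rest of header line, indented body) per top-level statement matching header."""
    config = config if config.endswith("\n") else config + "\n"
    return re.findall(r"^" + header + r" (\S+)(.*)\n((?: .*\n)*)", config, re.M)
def first(pat, text):
    m = re.search(pat, text)
    return m[1] if m else None
def parse_zbfw(config):
    """Collect zone-member interfaces, class/policy maps and zone-pairs from a running-config."""
    cfg = {"cmaps": {}, "pmaps": {}, "pairs": {}}
    cfg["members"] = {n: z for n, _, b in blocks(config, "interface") if (z := first(r"zone-member security (\S+)", b))}
    for name, _, body in blocks(config, r"class-map type inspect \S+"):
        cfg["cmaps"][name] = re.findall(r"match protocol (\S+)", body)
    for name, _, body in blocks(config, "policy-map type inspect"):
        cfg["pmaps"][name] = re.findall(r"class type inspect (\S+)", body)
    for name, rest, body in blocks(config, "zone-pair security"):
        src, dst = re.match(r" source (\S+) dest\w* (\S+)", rest).groups()  # "dest" or "destination"
        cfg["pairs"][name] = {"src": src, "dst": dst, "policy": first(r"service-policy type inspect (\S+)", body)}
    return cfg
def audit_zbfw(cfg):
    """Flag what silently drops traffic: a pair with no policy, dangling names, a zone in no pair."""
    out, paired = [], set()
    for name, p in cfg["pairs"].items():
        paired |= {p["src"], p["dst"]}
        if p["policy"] is None:
            out.append(f"zone-pair {name}: no service-policy, {p['src']}->{p['dst']} traffic is dropped")
        elif p["policy"] not in cfg["pmaps"]:
            out.append(f"zone-pair {name}: policy-map {p['policy']} is not defined")
    for pm, classes in cfg["pmaps"].items():  # class-default is built in, never flag it
        out += [f"policy-map {pm}: class-map {c} is not defined" for c in classes if c not in cfg["cmaps"] and c != "class-default"]
    out += [f"{i}: zone {z} is in no zone-pair, so traffic to other zones is dropped" for i, z in cfg["members"].items() if z not in paired]
    return out
```

run it against the output of show run on the firewall; an empty list from audit_zbfw means every zone-member interface sits in a zone-pair that carries a fully defined policy…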

lan#ping 192.168.23.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/37/52 ms
lan#telnet 192.168.23.3 80
Trying 192.168.23.3, 80 … Open