Step 1 |
enable
Example:
|
Enables privileged EXEC mode.
|
Step 2 |
configure terminal
Example:
Device# configure terminal
|
Enters global configuration mode.
|
Step 3 |
ip wccp service-id
Example:
Device(config)# ip wccp 61
|
Enters the Web Cache Communication Protocol (WCCP) dynamically defined service identifier number.
|
Step 4 |
ip wccp service-id
Example:
Device(config)# ip wccp 62
|
Enters the Web Cache Communication Protocol (WCCP) dynamically defined service identifier number.
|
Step 5 |
parameter-map type inspect global
Example:
Device(config)# parameter-map type inspect global
|
|
Step 6 |
waas enable
Example:
Device(config-profile)# waas enable
|
|
Step 7 |
log dropped-packets enable
Example:
Device(config-profile)# log dropped-packets enable
|
|
Step 8 |
max-incomplete low
Example:
Device(config)# max-incomplete low 18000
|
|
Step 9 |
max-incomplete high
Example:
Device(config)# max-incomplete high 20000
|
|
Step 10 |
ip inspect waas enable
Example:
Device(config)# ip inspect waas enable
|
Enables firewall inspection so that Cisco Wide Area Application Service (WAAS) optimization can be discovered.
|
Step 11 |
class-map type inspect class-name
Example:
Device(config)# class-map type inspect most-traffic
|
Creates an inspect type class map for the traffic class and enters class-map configuration mode.
Note
|
The class-map type inspect most-traffic command is hidden.
|
|
Step 12 |
match protocol protocol-name [signature]
Example:
Device(config-cmap)# match protocol http
|
Configures match criteria for a class map on the basis of a specified protocol.
|
Step 13 |
exit
Example:
Device(config-cmap)# exit
|
Exits class-map configuration mode and returns to global configuration mode.
|
Step 14 |
policy-map type inspect policy-map-name
Example:
Device(config)# policy-map type inspect p1
|
Creates a Layer 3 and Layer 4 inspect type policy map and enters policy-map configuration mode.
|
Step 15 |
class class-default
Example:
Device(config-pmap)# class class-default
|
Specifies the matching of the system default class.
|
Step 16 |
class type inspect class-name
Example:
Device(config-pmap)# class type inspect most-traffic
|
Specifies the firewall traffic (class) map on which an action is to be performed and enters policy-map class configuration mode.
|
Step 17 |
inspect
Example:
Device(config-pmap-c)# inspect
|
Enables Cisco stateful packet inspection.
|
Step 18 |
exit
Example:
Device(config-pmap-c)# exit
|
Exits policy-map class configuration mode and returns to policy-map configuration mode.
|
Step 19 |
exit
Example:
Device(config-pmap)# exit
|
Exits policy-map configuration mode and returns to global configuration mode.
|
Step 20 |
zone security zone-name
Example:
Device(config)# zone security zone1
|
Creates a security zone to which interfaces can be assigned and enters security zone configuration mode.
|
Step 21 |
description line-of-description
Example:
Device(config-sec-zone)# description Internet Traffic
|
(Optional) Describes the zone.
|
Step 22 |
exit
Example:
Device(config-sec-zone)# exit
|
Exits security zone configuration mode and returns to global configuration mode.
|
Step 23 |
zone-pair security zone-pair-name [source source-zone-name | self] destination [self | destination-zone-name]
Example:
Device(config)# zone-pair security zp source z1 destination z2
|
Creates a zone pair and enters security zone configuration mode.
Note
|
To apply a policy, you must configure a zone pair.
|
|
Step 24 |
description line-of-description
Example:
Device(config-sec-zone)# description accounting network
|
(Optional) Describes the zone pair.
|
Step 25 |
exit
Example:
Device(config-sec-zone)# exit
|
Exits security zone configuration mode and returns to global configuration mode.
|
Step 26 |
interface type number
Example:
Device(config)# interface ethernet 0
|
Specifies an interface and enters interface configuration mode.
|
Step 27 |
description line-of-description
Example:
Device(config-if)# description zone interface
|
(Optional) Describes an interface.
|
Step 28 |
zone-member security zone-name
Example:
Device(config-if)# zone-member security zone1
|
Assigns an interface to a specified security zone.
Note
|
When you make an interface a member of a security zone, all traffic in and out of that interface (except the traffic bound for the device or initiated by the device) is dropped by default. To let traffic through the interface, you must make the zone part of a zone pair to which you apply a policy. If the policy permits traffic, traffic can flow through that interface.
|
|
Step 29 |
ip address ip-address
Example:
Device(config-if)# ip address 10.70.0.1 255.255.255.0
|
Assigns an interface IP address for the security zone.
|
Step 30 |
ip wccp service-id {group-listen | redirect {in | out}}
Example:
Device(config-if)# ip wccp 61 redirect in
|
Specifies WCCP parameters on the interface.
|
Step 31 |
exit
Example:
|
Exits interface configuration mode and returns to global configuration mode.
|
Step 32 |
zone-pair security zone-pair-name {source source-zone-name | self} destination [self | destination-zone-name]
Example:
Device(config)# zone-pair security zp source z1 destination z2
|
Creates a zone pair and enters security zone-pair configuration mode.
|
Step 33 |
service-policy type inspect policy-map-name
Example:
Device(config-sec-zone-pair)# service-policy type inspect p2
|
Attaches a firewall policy map to the destination zone pair.
Note
|
If a policy is not configured between a pair of zones, traffic is dropped by default.
|
|
Step 34 |
end
Example:
Device(config-sec-zone-pair)# end
|
Exits security zone-pair configuration mode and returns to privileged EXEC mode.
|