| Step | Command or Action | Example | Purpose |
|---|---|---|---|
| Step 1 | enable | | Enables privileged EXEC mode. |
| Step 2 | configure terminal | Router# configure terminal | Enters global configuration mode. |
| Step 3 | class-map type inspect match-any class-map-name | Router(config)# class-map type inspect match-any rtsp_class1 | Creates an inspect type class map and enters class-map configuration mode. |
| Step 4 | match protocol protocol-name | Router(config-cmap)# match protocol rtsp | Configures the match criteria for a class map on the basis of the named protocol. |
| Step 5 | exit | Router(config-cmap)# exit | Returns to global configuration mode. |
| Step 6 | policy-map type inspect policy-map-name | Router(config)# policy-map type inspect rtsp_policy | Creates an inspect type policy map and enters policy-map configuration mode. |
| Step 7 | class type inspect class-map-name | Router(config-pmap)# class type inspect rtsp_class1 | Specifies the class on which the action is performed and enters policy-map-class configuration mode. |
| Step 8 | inspect | Router(config-pmap-c)# inspect | Enables stateful packet inspection. |
| Step 9 | class class-default | Router(config-pmap-c)# class class-default | Specifies that these policy map settings apply to the predefined default class. If traffic does not match any of the match criteria in the configured class maps, it is directed to the predefined default class. |
| Step 10 | exit | Router(config-pmap-c)# exit | Returns to policy-map configuration mode. |
| Step 11 | exit | Router(config-pmap)# exit | Returns to global configuration mode. |
| Step 12 | zone security zone-name1 | Router(config)# zone security private | Creates a security zone to which interfaces can be assigned and enters security-zone configuration mode. |
| Step 13 | exit | Router(config-sec-zone)# exit | Returns to global configuration mode. |
| Step 14 | zone security zone-name2 | Router(config)# zone security public | Creates a security zone to which interfaces can be assigned and enters security-zone configuration mode. |
| Step 15 | exit | Router(config-sec-zone)# exit | Returns to global configuration mode. |
| Step 16 | zone-pair security zone-pair-name source source-zone-name destination destination-zone-name | Router(config)# zone-pair security pair-two source private destination public | Creates a pair of security zones and enters security-zone-pair configuration mode. |
| Step 17 | service-policy type inspect policy-map-name | Router(config-sec-zone-pair)# service-policy type inspect rtsp_policy | Attaches a firewall policy map to the destination zone pair. |
| Step 18 | exit | Router(config-sec-zone-pair)# exit | Returns to global configuration mode. |
| Step 19 | interface type number | Router(config)# interface GigabitEthernet0/1/0 | Specifies an interface for configuration. |
| Step 20 | zone-member security zone-name1 | Router(config-if)# zone-member security private | Assigns an interface to a specified security zone. When you make an interface a member of a security zone, all traffic into and out of that interface (except traffic bound for the router or initiated by the router) is dropped by default. To let traffic through the interface, you must make the zone part of a zone pair to which you apply a policy. If the policy permits traffic, traffic can flow through that interface. |
| Step 21 | exit | | Returns to global configuration mode. |
| Step 22 | interface type number | Router(config)# interface GigabitEthernet0/1/1 | Specifies an interface for configuration. |
| Step 23 | zone-member security zone-name | Router(config-if)# zone-member security public | Assigns an interface to a specified security zone. When you make an interface a member of a security zone, all traffic into and out of that interface (except traffic bound for the router or initiated by the router) is dropped by default. To let traffic through the interface, you must make the zone part of a zone pair to which you apply a policy. If the policy permits traffic, traffic can flow through that interface. |
| Step 24 | end | | Returns to privileged EXEC mode. |
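
The following is an added example, not part of the original procedure or any vendor tooling: a Python check that parses a saved running configuration and reports zone-member interfaces whose zone has no zone pair with an inspect policy attached, which is the condition under which the zone-member steps say traffic is dropped. The sample configuration is constructed; the `dmz` zone and the interfaces `GigabitEthernet0/1/1` and `GigabitEthernet0/1/2` are assumptions.

```python
import re

# Constructed sample running-config (not from the page). Names follow the steps
# above; interfaces 0/1/1 and 0/1/2 and the "dmz" zone are assumptions.
SAMPLE_CONFIG = """\
class-map type inspect match-any rtsp_class1
 match protocol rtsp
policy-map type inspect rtsp_policy
 class type inspect rtsp_class1
  inspect
 class class-default
zone security private
zone security public
zone security dmz
zone-pair security pair-two source private destination public
 service-policy type inspect rtsp_policy
interface GigabitEthernet0/1/0
 zone-member security private
interface GigabitEthernet0/1/1
 zone-member security public
interface GigabitEthernet0/1/2
 zone-member security dmz
"""
PAIR_RE = re.compile(r"zone-pair security (\S+) source (\S+) destination (\S+)")

def audit_zbf(config):
    """Return sorted findings for zones that cannot pass transit traffic."""
    policies, members, pairs, section, pair = set(), {}, [], "", None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            section, pair = line, None  # start of a new top-level block
            if m := re.fullmatch(r"policy-map type inspect (\S+)", line):
                policies.add(m[1])
            elif m := PAIR_RE.fullmatch(line):
                pair = {"name": m[1], "zones": {m[2], m[3]}, "policy": None}
                pairs.append(pair)
        elif section.startswith("interface ") and (m := re.fullmatch(r"zone-member security (\S+)", line)):
            members[section.split()[-1]] = m[1]
        elif pair and (m := re.fullmatch(r"service-policy type inspect (\S+)", line)):
            pair["policy"] = m[1]
    # A zone pair only helps if its policy is attached and actually defined.
    findings = [f"zone-pair {p['name']}: no usable inspect service-policy (found: {p['policy']})"
                for p in pairs if p["policy"] not in policies]
    usable = set().union(*(p["zones"] for p in pairs if p["policy"] in policies))
    for ifname, zone in members.items():
        if zone not in usable:
            findings.append(f"{ifname}: zone {zone} has no zone pair with a policy, transit traffic is dropped")
    return sorted(findings)
```

Run `audit_zbf()` on the text of `show running-config`; an empty list means every zone-member interface sits in a zone covered by a zone pair with a defined inspect policy.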