expert,
I m working on Zone Security configuration when i applied that below
configuration On site A ...the Voice on other site B which is connected to my
Site A are disconnected could you please advice what need to be done to allow
Voice packet
parameter-map type urlfpolicy local URLFilter alert off block-page message
"ACCESS BLOCKED"parameter-map type urlf-glob youtube.com pattern *.youtube.com
pattern youtube.com pattern www.youtube.com
parameter-map type urlf-glob PermittedSites pattern *
parameter-map type urlf-glob Facebook.com pattern *.facebook.com pattern
facebook.com pattern www.facebook.com pattern httpswww.facebook.com pattern
https.facebook.com
class-map type urlfilter match-any SocialNetworking match server-domain
urlf-glob youtube.com match server-domain urlf-glob Facebook.comclass-map
type urlfilter trend match-any drop match url category Web-Hostingclass-map
match-any CRITICAL match protocol ldap match protocol sqlnetclass-map type
urlfilter match-any PermittedSites match server-domain urlf-glob
PermittedSitesclass-map type inspect match-any Control match protocol dns
match protocol icmp match protocol telnet match protocol ldaps match protocol
msnmsgr match protocol tftp match protocol sip match access-group 101 match
protocol sql-net match protocol mysql match protocol sqlserv match protocol
sqlsrv match protocol ms-sql match protocol ms-sql-mclass-map type inspect
match-any Web match protocol httpclass-map match-all DXB-VoIP match
access-group name DXB-VOICEclass-map match-all Video-Conf match access-group
101 match protocol h323 match protocol rtcp match protocol rtp audio match
access-group 103class-map type inspect match-all WebSecure match protocol
httpsclass-map match-all SecureWeb match protocol secure-http
policy-map type inspect urlfilter SocialNetworking parameter type urlfpolicy
local URLFilter class type urlfilter SocialNetworking log reset class type
urlfilter PermittedSites allow logpolicy-map type inspect InsideToOutside
class type inspect Web inspect service-policy urlfilter SocialNetworking
class type inspect Control inspect class type inspect WebSecure inspect
class class-default drop
policy-map type inspect OutsideToInside class type inspect Control inspect
class class-default drop!zone security Insidezone security Outsidezone-pair
security Inside_to_Ouside source Inside destination Outside service-policy
type inspect InsideToOutsidezone-pair security Outside_to_Inside source
Outside destination Inside service-policy type inspect OutsideToInside
ip access-list standard Inside permit 10.0.90.0 0.0.0.255
access-list 101 permit udp any anyaccess-list 101 permit tcp any
anyaccess-list 101 permit icmp any anyaccess-list 101 permit ip any any
Kind regards,
SameerCCIE #29978 R&S
Blogs and organic groups at http://www.ccie.net
Received on Thu Oct 20 2011 - 15:32:28 ART
This archive was generated by hypermail 2.2.0 : Tue Nov 15 2011 - 13:10:29 ART