Lab 6.2 Configuring CBAC
attempted, the denied packets from OUTSIDE to INSIDE would be logged to FW’s console line as well.
INSIDE# ping 192.168.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

FW#
*Feb 18 02:23:29.591: CBAC: ICMP Echo pkt 172.16.12.1 => 192.168.23.3
*Feb 18 02:23:29.591: CBAC: ICMP Echo pkt 172.16.12.1 => 192.168.23.3
*Feb 18 02:23:29.591: CBAC: ICMP Echo pkt 172.16.12.1 => 192.168.23.3
*Feb 18 02:23:29.619: CBAC: ICMP Echo Reply pkt 192.168.23.3 => 172.16.12.1
*Feb 18 02:23:29.647: CBAC: ICMP Echo pkt 172.16.12.1 => 192.168.23.3
*Feb 18 02:23:29.675: CBAC: ICMP Echo Reply pkt 192.168.23.3 => 172.16.12.1
*Feb 18 02:23:29.703: CBAC: ICMP Echo pkt 172.16.12.1 => 192.168.23.3
*Feb 18 02:23:29.735: CBAC: ICMP Echo Reply pkt 192.168.23.3 => 172.16.12.1
*Feb 18 02:23:29.763: CBAC: ICMP Echo pkt 172.16.12.1 => 192.168.23.3
*Feb 18 02:23:29.791: CBAC: ICMP Echo Reply pkt 192.168.23.3 => 172.16.12.1
*Feb 18 02:23:29.819: CBAC: ICMP Echo pkt 172.16.12.1 => 192.168.23.3
*Feb 18 02:23:29.847: CBAC: ICMP Echo Reply pkt 192.168.23.3 => 172.16.12.1
FW# undebug all

Final Configurations

INSIDE# show run
hostname INSIDE
!
interface Serial0/0/0
 ip address 172.16.12.1 255.255.255.0
 clock rate 64000
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 172.16.12.2
!
line vty 0 4
 password cisco
 login
end

FW# show run
hostname FW
!
ip inspect name myrules tcp
ip inspect name myrules udp
ip inspect name myrules icmp timeout 5
ip inspect name myrules http alert off
ip inspect name myrules ftp audit-trail on
ip inspect udp idle-time 60
!
interface Serial0/0/0
 ip address 172.16.12.2 255.255.255.0
 ip inspect myrules in
 no shutdown
!
interface Serial0/0/1
 ip address 192.168.23.2 255.255.255.0
 ip access-group 100 in
 clock rate 64000
 no shutdown

CCNP: Implementing Secure Converged Wide-area Networks v5.0 - Lab 6-2 Copyright © 2007, Cisco Systems, Inc