policy-map type inspect A_OUTBOUND_INTERNET
class type inspect 4_IPSEC_CLASS
pass
class-map type inspect match-any 4_IPSEC_CLASS
match class-map CLASS_ESP
match class-map CLASS_GRE
class-map type inspect match-any CLASS_ESP
match access-group name ACL_ESP
class-map type inspect match-any CLASS_GRE
match access-group name ACL_GRE
ip access-list extended ACL_AH
permit ahp any any
ip access-list extended ACL_ESP
permit esp any any
ip access-list extended ACL_GRE
permit gre any any
Policy Map type inspect A_OUTBOUND_POLICY
Class 1_INVALID_TRAFFIC
Drop log
Class 2_TORRENT_TRAFFIC
Drop
Class 3_ICMP_TRAFFIC
Inspect
Class 6_VUE_TRAFFIC
Inspect
Class 7_GRE_TRAFFIC
Pass
Class 8_VPN_TRAFFIC
Pass
Class 9_INTERNET_TRAFFIC
Inspect
Class class-default
Drop
class-map type inspect match-any 7_GRE_TRAFFIC
match class-map CLASS_GRE
class-map type inspect match-any CLASS_GRE
match access-group name ACL_GRE
match access-group name ACL_L2TP (for CiscoVPN Client)
class-map type inspect match-all 8_VPN_TRAFFIC
match class-map CLASS_ANY_VPN
class-map type inspect match-any CLASS_ANY_VPN
match class-map CLASS_AH
match class-map CLASS_ESP
Extended IP access list ACL_L2TP
10 permit udp any any eq isakmp (4 matches)
20 permit udp any any eq non500-isakmp
30 permit esp any any
No comments:
Post a Comment