22-46
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Chapter 22 Applying Application Layer Protocol Inspection
GTP Inspection
interface Vlan9
nameif outside
security-level 0
ip address 209.165.201.41 255.255.255.0 standby 209.165.201.40
!
passwd 2KFQnbNIdI.2KYOU encrypted
same-security-traffic permit inter-interface
object-group network GGSNS ================================configured object group to
define GGSNs
network-object host 10.4.1.32
network-object host 10.4.1.33
object-group network SGSNS =================================configured object group to
define SGSNs
network-object host 10.5.1.1
object-group network servers
network-object 10.2.1.0 255.255.255.0
network-object host 10.6.1.25
network-object host 10.6.1.26
network-object host 10.6.1.27
network-object host 10.4.1.32
network-object host 10.4.1.33
object-group network clients
network-object 10.6.1.0 255.255.255.0
network-object host 10.5.1.1
access-list gtpacl extended permit udp any any eq 2123
access-list gtpacl extended permit udp any any eq 3386
access-list gtpacl extended permit icmp any any
access-list gtpacl extended permit udp any any
access-list gtpacl extended permit tcp any any eq www
access-list gtpacl extended permit tcp any any eq ftp
access-list gtpacl extended permit tcp any any eq telnet
access-list gtpacl extended permit tcp any any eq ssh
access-list 112 extended permit tcp object-group servers object-group clients eq www
access-list 112 extended permit tcp object-group servers object-group clients eq https
access-list 112 extended permit tcp object-group servers object-group clients eq ftp
access-list 112 extended permit tcp object-group servers object-group clients eq telnet
access-list 112 extended permit udp object-group servers object-group clients eq 3386
access-list 112 extended permit udp object-group servers object-group clients eq 2123
access-list 112 extended permit tcp object-group servers object-group clients eq ssh
!
gtp-map GTPMAP ============================================================configured GTP
map to include the permit response cli
permit response to-object-group SGSNS from-object-group GGSNS
permit errors
!
pager lines 24
logging enable
logging timestamp
logging buffered debugging
mtu mgmt 1500
mtu inside 1500
mtu outside 1500
monitor-interface inside
monitor-interface outside
icmp permit any mgmt
icmp permit any inside
icmp permit any outside
asdm history enable
arp timeout 14400
nat-control
no xlate-bypass
static (outside,inside) 10.5.1.1 10.5.1.1 netmask 255.255.255.255
static (inside,outside) 10.4.1.31 10.4.1.31 netmask 255.255.255.255
static (inside,outside) 10.4.1.32 10.4.1.32 netmask 255.255.255.255
Содержание 6500 - Catalyst Series 10 Gigabit EN Interface Module Expansion
Страница 35: ...P A R T 1 Getting Started and General Information ...
Страница 36: ......
Страница 297: ...P A R T 2 Configuring the Security Policy ...
Страница 298: ......
Страница 521: ...P A R T 3 System Administration ...
Страница 522: ......
Страница 613: ...P A R T 4 Reference ...
Страница 614: ......