@frenchbread
Created October 11, 2016 13:10
config for router
spanning-tree mode pvst
!
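! Each class-map selects traffic through the extended ACL of the same name
class-map type inspect match-all LAN-TO-WAN-CLASS
 match access-group name LAN-TO-WAN
! WAN-TO-LAN is not referenced by any policy-map below; it matches the same
! ACL as WAN-TO-LAN-CLASS
class-map type inspect match-all WAN-TO-LAN
 match access-group name WAN-TO-LAN
class-map type inspect match-all WAN-TO-LAN-CLASS
 match access-group name WAN-TO-LAN
class-map type inspect match-all LAN-TO-DMZ-CLASS
 match access-group name LAN-TO-DMZ
class-map type inspect match-all WAN-TO-DMZ-CLASS
 match access-group name WAN-TO-DMZ
!
! inspect = stateful: return traffic for a matched session is allowed back
policy-map type inspect LAN-TO-WAN-POLICY
 class type inspect LAN-TO-WAN-CLASS
  inspect
!
policy-map type inspect WAN-TO-LAN-POLICY
 class type inspect WAN-TO-LAN-CLASS
  inspect
!
! pass = stateless: no session is tracked, so replies from the DMZ need their
! own DMZ-to-LAN zone-pair, and this config does not define one
policy-map type inspect LAN-TO-DMZ-POLICY
 class type inspect LAN-TO-DMZ-CLASS
  pass
!
policy-map type inspect WAN-TO-DMZ-POLICY
 class type inspect WAN-TO-DMZ-CLASS
  inspect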
!
!
!
zone security LAN
zone security WAN
zone security DMZ
! Zone-pairs are unidirectional. No pair has DMZ as its source, so traffic
! initiated from the DMZ toward LAN or WAN is dropped.
zone-pair security LAN-TO-WAN source LAN destination WAN
 service-policy type inspect LAN-TO-WAN-POLICY
zone-pair security WAN-TO-LAN source WAN destination LAN
 service-policy type inspect WAN-TO-LAN-POLICY
zone-pair security LAN-TO-DMZ source LAN destination DMZ
 service-policy type inspect LAN-TO-DMZ-POLICY
zone-pair security WAN-TO-DMZ source WAN destination DMZ
 service-policy type inspect WAN-TO-DMZ-POLICY
!
!
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 zone-member security LAN
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 172.16.0.1 255.255.255.0
 zone-member security DMZ
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 10.0.0.2 255.255.255.252
 zone-member security WAN
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
ip flow-export version 9
!
!
! These ACLs are not applied to interfaces; they only classify traffic for
! the class-maps above
ip access-list extended LAN-TO-WAN
 permit tcp 192.168.0.0 0.0.0.255 any eq www
 permit tcp 192.168.0.0 0.0.0.255 any eq 443
 permit icmp 192.168.0.0 0.0.0.255 any
! WAN-TO-LAN and WAN-TO-DMZ match ICMP from any source
ip access-list extended WAN-TO-LAN
 permit icmp any 192.168.0.0 0.0.0.255
ip access-list extended LAN-TO-DMZ
 permit tcp 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255 eq www
 permit tcp 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255 eq 443
 permit icmp 192.168.0.0 0.0.0.255 172.16.0.0 0.0.0.255
ip access-list extended WAN-TO-DMZ
 permit icmp any 172.16.0.0 0.0.0.255
!
!
!
!
!
line con 0
 logging synchronous
!
line aux 0
!
line vty 0 4
 login
!
!
!
end