Packet Tracer Blog

3.75 1 1 1 1 1 Rating 3.75 (12 Votes)

Zone based firewalling is available in Cisco Packet Tracer 2800 routers with IOS 12.4(15)T1 and in new 2901/2911 ISR routers with IOS 15.1(4). This feature was introduced by Cisco in IOS 12.4(6)release.

The zone-member command seems to be only available on 2811 router's FastEthernet interfaces. It is not available on vlan interfaces of this router or in a 2911 router.

Configuration example:

class-map type inspect match-all all-private
 match access-group 101
!         
policy-map type inspect priv-pub-pmap
 class type inspect all-private
  inspect
 class class-default
!
zone security public
zone security private

zone-pair security priv-pub source private destination public
 service-policy type inspect priv-pub-pmap
! 
interface FastEthernet0/0
 ip address 192.168.110.44 255.255.255.0
 zone-member security public
!