In the network diagram below, there are no routes configured on the routers, yet there should be connectivity among all the routers; therefore, NAT is configured on R1. Zone-based policy firewall (ZBF) is also enabled on R1. TCP, UDP and ICMP traffic should be inspected from the inside to the outside. ICMP from R3 to R2 is the only traffic that should be inspected from the outside to the inside. All other traffic should be dropped.
There are a couple of configuration errors on R1. Can you spot them and fix the config? The winner gets 1,500 Naira airtime to any Nigerian phone number. Please read contest rules here.
ip access-list extended OUT_TO_IN_ACL
 permit icmp host 192.168.13.3 host 192.168.13.2
!
class-map type inspect match-all IN_TO_OUT_CMAP
 match protocol tcp
 match protocol udp
 match protocol icmp
class-map type inspect match-all OUT_TO_IN_CMAP
 match access-group name OUT_TO_IN_ACL
!
policy-map type inspect IN_TO_OUT_PMAP
 class type inspect IN_TO_OUT_CMAP
  drop
 class class-default
  inspect
policy-map type inspect OUT_TO_IN_PMAP
 class type inspect OUT_TO_IN_CMAP
  inspect
 class class-default
  drop
!
zone security inside
zone security outside
!
zone-pair security ZP_IN_TO_OUT source inside destination outside
 service-policy type inspect IN_TO_OUT_PMAP
zone-pair security ZP_OUT_TO_IN source outside destination inside
 service-policy type inspect OUT_TO_IN_PMAP
!
interface fa0/0
 ip address 192.168.12.1 255.255.255.0
 ip nat outside
 zone-member security inside
!
interface fa0/1
 ip address 192.168.13.1 255.255.255.0
 ip nat inside
 zone-member security outside
!
ip nat source static 192.168.12.2 192.168.13.2
ip nat source static 192.168.13.3 192.168.12.3
Hint: R2 has an IP address of 192.168.12.2. R3 has an IP address of 192.168.13.3.
Note: You don’t have to paste the entire working config. Just highlight the parts with the errors and the fix for those errors.
Update: This contest is now closed. The solution has been posted here.