I was trying to understand the task, but my main problem is the direction of the packets.
The task says:
Apply filtering to the VPN traffic exchanged between R4 and R6.
• The Frame-Relay connection should be the outside interface. --- S0/0/0-OUTSIDE INTERFACE... OK
• Permit ICMP packets across the firewall (either direction).
• Permit HTTP and SSL access to a Web server at 204.12.X.100.
• Permit any TCP and UDP sessions initiated from behind R6 to return.
• Limit the aggregate rate of DNS and ICMP packets inbound to 128Kbps.
I did it this way. Do you think that is correct?
ip access-list ex ACL_HTTP_SSL_OUT_TO_IN
 permit ip any host 204.12.1.100
ip access-list ex TCP_UDP_IN_TO_OUT
 permit tcp any any
 permit udp any any
class-map type inspect CMAP-HTTP-SSL-OUT-TO-IN
 match access-group name ACL_HTTP_SSL_OUT_TO_IN
 match protocol http
 match protocol https
class-map type inspect CMAP_TCP_UDP_IN_TO_OUT
 match access-group name TCP_UDP_IN_TO_OUT
class-map type inspect CMAP_DNS_ICMP_OUT_TO_IN
 match access-group name TCP_UDP_IN_TO_OUT
policy-map type inspect PMAP_IN_TO_OUT
 class CMAP_TCP_UDP_IN_TO_OUT
  inspect
policy-map type inspect PMAP_OUT_TO_IN
 class CMAP-HTTP-SSL-OUT-TO-IN
  inspect
 class CMAP_DNS_ICMP_OUT_TO_IN
  police rate 128000 burst 8000
zone-pair security ZP_IN_TO_OUT source INSIDE destination OUTSIDE
 service-policy type inspect PMAP_IN_TO_OUT
zone-pair security ZP_OUT_TO_IN source OUTSIDE destination INSIDE
 service-policy type inspect PMAP_OUT_TO_IN
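
One way to map the five task bullets onto a zone-based policy, as an added example that is not part of the original post and not a reference solution: it nests a match-any protocol class inside a match-all class, because an inspect class-map with several match statements defaults to match-all, and it pairs police with inspect. Assumptions: the Web server sits in the INSIDE zone at the address used in the post, FastEthernet0/0 is the inside interface, and the class, ACL and policy names are made up for the example.

```cisco
! Added example. Zone names and S0/0/0 follow the post; Fa0/0 is an assumption.
zone security INSIDE
zone security OUTSIDE
!
ip access-list extended ACL_WEB_SERVER
 permit ip any host 204.12.1.100
!
! match-any: a single packet is HTTP or HTTPS, never both
class-map type inspect match-any CMAP_HTTP_SSL
 match protocol http
 match protocol https
! match-all: Web protocol AND addressed to the server
class-map type inspect match-all CMAP_WEB_SERVER
 match class-map CMAP_HTTP_SSL
 match access-group name ACL_WEB_SERVER
! Inbound DNS and ICMP share one class so they share one policer
class-map type inspect match-any CMAP_DNS_ICMP
 match protocol dns
 match protocol icmp
! Sessions started from the inside; inspect lets the replies return
class-map type inspect match-any CMAP_TCP_UDP_ICMP
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect PMAP_IN_TO_OUT
 class type inspect CMAP_TCP_UDP_ICMP
  inspect
 class class-default
  drop
policy-map type inspect PMAP_OUT_TO_IN
 class type inspect CMAP_WEB_SERVER
  inspect
 ! police is configured alongside inspect in the same class
 class type inspect CMAP_DNS_ICMP
  inspect
  police rate 128000 burst 8000
 class class-default
  drop
!
zone-pair security ZP_IN_TO_OUT source INSIDE destination OUTSIDE
 service-policy type inspect PMAP_IN_TO_OUT
zone-pair security ZP_OUT_TO_IN source OUTSIDE destination INSIDE
 service-policy type inspect PMAP_OUT_TO_IN
!
interface Serial0/0/0
 zone-member security OUTSIDE
interface FastEthernet0/0
 zone-member security INSIDE
```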