Untitled

object-group network remote-pcs
host hoszt-1-ip
host hoszt-2-ip

object-group network voip-providers
host voip-provider-1-ip
host voip-provider-1-ip

ip access-list extended FW_EXCLUSIONS_ACL
permit udp any host 255.255.255.255 range 67 68
permit tcp object-group remote-pcs any eq SSH_PORT
permit udp object-group voip-providers any eq SIP_PORT
permit udp any any eq STUN_PORT
permit udp any any range RTP_PORT_RANGES log


class-map type inspect match-any IN_TO_OUT_CLASS
  match protocol http
  match protocol https
  match protocol pop3s
  match protocol smtp
  match protocol dns
  match protocol tcp
  match protocol udp

class-map type inspect match-all FW_EXCLUSIONS_CLASS
  match access-group name FW_EXCLUSIONS_ACL

policy-map type inspect IN_TO_OUT
  class IN_TO_OUT_CLASS
    inspect
  class class-default
    drop

policy-map type inspect FW_EXCLUSIONS
  class FW_EXCLUSIONS_CLASS
    inspect
  class class-default
    drop

zone security INSIDE
zone security OUTSIDE

zone-pair security INSIDE-to-OUTSIDE source INSIDE destination OUTSIDE
  service-policy type inspect IN_TO_OUT
zone-pair security OUTSIDE-to-INSIDE source OUTSIDE destination INSIDE
  service-policy type inspect FW_EXCLUSIONS

interface BVI1
  zone-member security INSIDE
interface Vlan 600
  zone-member security INSIDE
interface Vlan 700
  zone-member security INSIDE
interface Fa4
  zone-member security OUTSIDE