Example 3: System Configuration; Example 3: Admin Context Configuration - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 series switch and cisco 7600 series router firewall services

Appendix B
Sample Configurations

Example 3: System Configuration

You must first enable multiple context mode using the mode multiple command. Then enter the
activation key to allow more than two contexts using the activation-key command. The mode and the
activation key are not stored in the configuration file, even though they persist across reboots. If you
view the configuration on the FWSM using the write terminal, show startup, or show running commands,
the mode displays after the FWSM Version (blank means single mode, "<system>" means you are in
multiple mode in the system configuration, and "<context>" means you are in multiple mode in a context).
hostname Ubik
password pkd55
enable password deckard69
admin-context admin
context admin
  allocate-interface vlan200
  allocate-interface vlan201
  allocate-interface vlan300
  config-url disk://admin.cfg
context department1
  allocate-interface vlan200
  allocate-interface vlan202
  allocate-interface vlan300
  config-url ftp://admin:passw0rd@10.1.0.16/dept1.cfg
context department2
  allocate-interface vlan200
  allocate-interface vlan203
  allocate-interface vlan300
  config-url ftp://admin:passw0rd@10.1.0.16/dept2.cfg

Example 3: Admin Context Configuration

hostname Admin
nameif vlan200 outside security0
nameif vlan201 inside security100
nameif vlan300 shared security50
passwd v00d00
enable password d011
ip address outside 209.165.201.3 255.255.255.224
ip address inside 10.1.0.1 255.255.255.0
ip address shared 10.1.1.1 255.255.255.0
route outside 0 0 209.165.201.2 1
nat (inside) 1 10.1.0.0 255.255.255.0
global (outside) 1 209.165.201.6 netmask 255.255.255.255 [ This context uses PAT for inside users that access the outside ]
global (shared) 1 10.1.1.30 [ This context uses PAT for inside users that access the shared network ]
static (inside,outside) 209.165.201.7 10.1.0.15 netmask 255.255.255.255 [ Because this host can access the web server in the Department 1 context, it requires a static translation ]
static (inside,shared) 10.1.1.78 10.1.0.15 netmask 255.255.255.255 [ Because this host has management access to the servers on the Shared interface, it requires a static translation to be used in an ACL ]
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside [ Allows all inside hosts to access the outside and shared network for any IP traffic ]
access-list SHARED extended permit ip host 10.1.1.78 any
access-list SHARED extended permit tcp host 10.1.1.30 host 10.1.1.7 eq smtp
access-group SHARED out interface shared [ This ACL allows only mail traffic from the inside network to exit out the shared interface, but allows the admin host to access any server. Note that the translated addresses are used. ]

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
Routed Mode Examples
OL-6392-01
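The admin context's note that the SHARED ACL uses translated addresses can be checked mechanically. The following is an added example, not part of the Cisco guide: the function names are hypothetical and the regular expressions assume only the command forms shown on this page. It reports, for each entry of the ACL applied outbound on an interface, whether its source host is a global or static translated address on that interface.

```python
import re

# Constructed sample: NAT and ACL lines copied from the admin context on this page.
ADMIN_CFG = """\
global (outside) 1 209.165.201.6 netmask 255.255.255.255
global (shared) 1 10.1.1.30
static (inside,outside) 209.165.201.7 10.1.0.15 netmask 255.255.255.255
static (inside,shared) 10.1.1.78 10.1.0.15 netmask 255.255.255.255
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside
access-list SHARED extended permit ip host 10.1.1.78 any
access-list SHARED extended permit tcp host 10.1.1.30 host 10.1.1.7 eq smtp
access-group SHARED out interface shared
"""

def translated_addrs(cfg, iface):
    """Addresses that inside hosts are translated to on iface, with their origin."""
    found = {}
    for line in cfg.splitlines():
        m = re.match(r"global \((\w+)\) \d+ (\S+)", line)
        if m and m.group(1) == iface:
            found[m.group(2)] = "PAT pool"
        m = re.match(r"static \(\w+,(\w+)\) (\S+) (\S+)", line)
        if m and m.group(1) == iface:
            found[m.group(2)] = "static for " + m.group(3)
    return found

def audit_outbound_acl(cfg, iface):
    """Return (source, verdict) for each entry of the ACL applied 'out' on iface."""
    bound = re.search(rf"^access-group (\S+) out interface {re.escape(iface)}$", cfg, re.M)
    if not bound:
        return []  # no outbound ACL on this interface
    xlated, results = translated_addrs(cfg, iface), []
    pattern = rf"^access-list {re.escape(bound.group(1))} extended permit \S+ (host \S+|any)"
    for src in re.findall(pattern, cfg, re.M):
        if src == "any":
            results.append((src, "any source: not tied to a translation"))
        else:
            addr = src.split()[1]
            results.append((addr, xlated.get(addr, "NOT a translated address on " + iface)))
    return results

if __name__ == "__main__":
    for addr, verdict in audit_outbound_acl(ADMIN_CFG, "shared"):
        print(f"{addr:12} {verdict}")
```

An entry written with the real address 10.1.0.15 instead of 10.1.1.78 is reported as not translated, which is the mistake the guide's note warns against.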