Example 3: Department 2 Context Configuration; Example 3: Switch Configuration; Example 4: Failover - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Appendix B
Sample Configurations

Example 3: Department 2 Context Configuration

nameif vlan200 outside security0
nameif vlan203 inside security100
nameif vlan300 shared security50
passwd maz1r1an
enable password ly0ne$$e
ip address outside 209.165.201.5 255.255.255.224
ip address inside 10.1.3.1 255.255.255.0
ip address shared 10.1.1.3 255.255.255.0
route outside 0 0 209.165.201.2 1
nat (inside) 1 10.1.3.0 255.255.255.0
global (outside) 1 209.165.201.10 netmask 255.255.255.255 [ The inside network uses PAT when accessing the outside ]
global (shared) 1 10.1.1.38 [ The inside network uses PAT when accessing the shared network ]
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside [ Allows all inside hosts to access the outside and shared network for any IP traffic ]
access-list MAIL extended permit tcp host 10.1.1.38 host 10.1.1.7 eq smtp
access-group MAIL out interface shared [ This ACL allows only mail traffic from the inside network to exit out the shared interface. Note that the translated PAT address is used. ]
logging trap 3
logging host shared 10.1.1.8 [ System messages are sent to the syslog server on the Shared network ]
logging on
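
The annotation on the MAIL ACL notes that an ACL applied outbound must name the translated PAT address. The Python check below is an added example, not part of the Cisco guide: it parses the NAT and ACL lines of the context above and flags any outbound-ACL source host that is still a real (pre-NAT) address. The function names and the simplified line grammar are assumptions made for illustration.

```python
import ipaddress
import re

# Department 2 context lines from this page, bracketed annotations stripped.
PAGE_CONFIG = """\
nat (inside) 1 10.1.3.0 255.255.255.0
global (outside) 1 209.165.201.10 netmask 255.255.255.255
global (shared) 1 10.1.1.38
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside
access-list MAIL extended permit tcp host 10.1.1.38 host 10.1.1.7 eq smtp
access-group MAIL out interface shared
"""

def parse(config):
    """Collect NAT real networks, global (PAT) addresses, ACL host sources, ACL bindings."""
    nets, pools, acls, binds = {}, {}, {}, []
    for line in config.splitlines():
        if m := re.match(r"nat \((\w+)\) (\d+) (\S+) (\S+)", line):
            nets.setdefault(m[2], []).append(ipaddress.ip_network(f"{m[3]}/{m[4]}"))
        elif m := re.match(r"global \((\w+)\) (\d+) (\S+)", line):
            pools[(m[1], m[2])] = m[3]          # keyed by (interface, NAT id)
        elif m := re.match(r"access-list (\S+) extended permit \S+ host (\S+)", line):
            acls.setdefault(m[1], []).append(ipaddress.ip_address(m[2]))
        elif m := re.match(r"access-group (\S+) (in|out) interface (\w+)", line):
            binds.append((m[1], m[2], m[3]))
    return nets, pools, acls, binds

def audit_outbound_sources(config):
    """Assumption taken from the page's note: outbound ACLs see translated addresses."""
    nets, pools, acls, binds = parse(config)
    findings = []
    for acl, direction, ifname in binds:
        if direction != "out":
            continue
        for src in acls.get(acl, []):
            for nat_id, real_nets in nets.items():
                mapped = pools.get((ifname, nat_id))
                if mapped and any(src in n for n in real_nets):
                    findings.append(f"{acl}: source {src} is a real address; "
                                    f"on {ifname} it appears as {mapped}")
    return findings

if __name__ == "__main__":
    print(audit_outbound_sources(PAGE_CONFIG))
```

An ACL entry that names a real inside host would never match translated traffic on the shared interface, so mail from that host would be dropped even though the ACL appears to permit it.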

Example 3: Switch Configuration

The following lines in the Cisco IOS switch configuration relate to the FWSM:
...
firewall module 6 vlan-group 1
firewall vlan-group 1 200-203,300
interface vlan 200
ip address 209.165.201.2 255.255.255.224
no shut
...

Example 4: Failover

This configuration shows a routed, multiple context mode FWSM in one switch, and another FWSM in
a second switch acting as a backup (see Figure B-4). Each context (A, B, and C) monitors the inside
interface, and context A, which is the admin context, also monitors the outside interface. Because the
outside interface is shared among all contexts, monitoring in one context benefits all contexts.
The secondary FWSM is also in routed, multiple context mode, and has the same software version.

Routed Mode Examples
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
OL-6392-01
