Example 2: Single Mode Firewall Using Same Security Level Example - Cisco 7604 Configuration Manual

Routed Mode Sample Configurations
firewall vlan-group 1 3-8
interface vlan 3
...

Example 2: Single Mode Firewall Using Same Security Level Example

The following configuration creates three internal interfaces. Two of the interfaces connect to
departments that are on the same security level. The DMZ interface hosts a syslog server. The
management host on the outside needs access to the Syslog server and the FWSM. To connect to the
FWSM, the host uses a VPN connection. FWSM uses RIP on the inside interfaces to learn routes.
Because the FWSM does not advertise routes with RIP, the upstream router needs to use static routes for
FWSM traffic (see
The Department networks are allowed to access the Internet and use PAT.
Figure B-2
Department 1
See the following sections for the configurations for this section:
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
B-6
ip address 209.165.201.1 255.255.255.224
no shutdown
Figure B-2).
Example 2
Internet
outside
209.165.201.3
dept1
10.1.1.1
VLAN 5
dept2
10.1.2.1
Department 2
VLAN 9
Department 2
Network 2
Management Host
209.165.200.225
MSFC
209.165.201.1
VLAN 3
DMZ
192.168.2.1
VLAN 10
Syslog Server
192.168.2.2
VLAN 4
10.1.2.2
192.168.1.1
Appendix B Sample Configurations
OL-20748-01