Department 2 Context Configuration (Example 3); Switch Configuration (Example 3) - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using the CLI

Routed Mode Sample Configurations
access-list MAIL extended permit tcp host 10.1.1.34 eq smtp host 10.1.1.7 eq smtp
access-list MAIL extended permit tcp host 10.1.1.35 eq smtp host 10.1.1.7 eq smtp
access-list MAIL extended permit tcp host 10.1.1.36 eq smtp host 10.1.1.7 eq smtp
access-list MAIL extended permit tcp host 10.1.1.37 eq smtp host 10.1.1.7 eq smtp
access-group MAIL out interface shared
aaa-server AAA-SERVER protocol tacacs+
aaa-server AAA-SERVER (shared) host 10.1.1.6
 key TheUauthKey
 server-port 16
! All traffic matching the WEBSERVER access list must authenticate with the AAA server
aaa authentication match WEBSERVER outside AAA-SERVER
logging trap 4
! System log messages are sent to the syslog server on the Shared network
logging host shared 10.1.1.8
logging on

Department 2 Context Configuration (Example 3)

To change to a context configuration, enter the changeto context name command. To change back to the
system, enter changeto system.
interface vlan 200
 nameif outside
 security-level 0
 ip address 209.165.201.5 255.255.255.224
interface vlan 203
 nameif inside
 security-level 100
 ip address 10.1.3.1 255.255.255.0
interface vlan 300
 nameif shared
 security-level 50
 ip address 10.1.1.3 255.255.255.0
passwd maz1r1an
enable password ly0ne$$e
route outside 0 0 209.165.201.2 1
nat (inside) 1 10.1.3.0 255.255.255.0
! The inside network uses PAT when accessing the outside
global (outside) 1 209.165.201.10 netmask 255.255.255.255
! The inside network uses PAT when accessing the shared network
global (shared) 1 10.1.1.38
access-list INTERNET remark -Allows all inside hosts to access the outside
access-list INTERNET remark -and shared network for any IP traffic
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside
access-list MAIL remark -Allows only mail traffic from inside to exit out the shared int
access-list MAIL extended permit tcp host 10.1.1.38 host 10.1.1.7 eq smtp
! Note that the translated PAT address is used.
access-group MAIL out interface shared
logging trap 3
! System log messages are sent to the syslog server on the Shared network
logging host shared 10.1.1.8
logging on

Switch Configuration (Example 3)

The following lines in the Cisco IOS switch configuration relate to the FWSM:
...
firewall module 6 vlan-group 1
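
The Department 2 context notes that the MAIL access list, applied outbound on the shared interface, names the translated PAT address (10.1.1.38) rather than a real inside address. The Python check below is an added example, not part of the Cisco manual: it reads the nat, global, access-list and access-group lines and flags outbound ACL sources that are real inside addresses. The 10.1.3.25 entry and the function name are constructed for illustration; only `host` sources and single-address `global` lines are handled.

```python
import ipaddress
import re

# Constructed input: the Department 2 NAT/ACL lines from the page, plus one
# deliberately wrong entry (real inside host 10.1.3.25) added for the demo.
SAMPLE = """\
nat (inside) 1 10.1.3.0 255.255.255.0
global (outside) 1 209.165.201.10 netmask 255.255.255.255
global (shared) 1 10.1.1.38
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside
access-list MAIL extended permit tcp host 10.1.1.38 host 10.1.1.7 eq smtp
access-list MAIL extended permit tcp host 10.1.3.25 host 10.1.1.7 eq smtp
access-group MAIL out interface shared
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
NAT = re.compile(rf"^nat \((\S+)\) \d+ {IP} {IP}")
GLOBAL = re.compile(rf"^global \((\S+)\) \d+ {IP}(?=\s|$)")
ACE = re.compile(rf"^access-list (\S+) extended permit \S+ host {IP}")
BIND = re.compile(r"^access-group (\S+) out interface (\S+)")

def audit_outbound_acls(config):
    """Return (acl, interface, source, verdict) for every 'host' source
    in an access list that is applied outbound on an interface."""
    real_nets, pat_addrs, sources, bindings = [], {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := NAT.match(line):      # real (pre-translation) network
            real_nets.append(ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False))
        elif m := GLOBAL.match(line): # translated address per egress interface
            pat_addrs.setdefault(m[1], set()).add(ipaddress.ip_address(m[2]))
        elif m := ACE.match(line):    # source host of a permit entry
            sources.setdefault(m[1], []).append(ipaddress.ip_address(m[2]))
        elif m := BIND.match(line):   # ACL applied in the 'out' direction
            bindings.append((m[1], m[2]))
    findings = []
    for acl, iface in bindings:
        for src in sources.get(acl, []):
            if src in pat_addrs.get(iface, set()):
                verdict = "ok: translated address"
            elif any(src in net for net in real_nets):
                verdict = "mismatch: real inside address"
            else:
                verdict = "unknown: neither real nor translated"
            findings.append((acl, iface, str(src), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit_outbound_acls(SAMPLE):
        print(*finding)
```
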
Appendix B
Sample Configurations
OL-20748-01
