! Global settings for the router named "firewall": message timestamps, password
! storage, boot image, local logging, local accounts and name resolution.
!
! Debug and log messages carry millisecond local-time stamps with the timezone shown.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! Stores "password" values as type 7 strings. Type 7 is a reversible encoding,
! not a hash; it only keeps passwords from being read at a glance.
service password-encryption
!
hostname firewall
!
boot system flash c3620-io-mz.120-3.T3.bin
! Logs go to a 100000-byte in-memory buffer at debugging level. No remote
! "logging <host>" line is visible in this config, so the local buffer appears
! to be the only log destination - confirm against the full config.
logging buffered 100000 debugging
! Type 5 (salted MD5) enable secret. NOTE(review): unlike the masked type 7
! strings in this post, this hash is shown unmasked; once a hash is published
! the secret should be treated as disclosed and changed.
enable secret 5 $1$hqZ4$k9Mvt5yfvbpipYmFGbTSS/
!
! Local accounts named after the remote sites. The names match the
! "dialer remote-name" entries on Dialer0-2, so these are presumably the CHAP
! peer credentials - confirm. Values were masked by the poster.
username Brisbane password 7 xxxxxxxxx
username Adelaide password 7 xxxxxxxx
username Perth password 7 xxxxxxx
! Local time is EST, 10 hours ahead of UTC.
clock timezone EST 10
ip subnet-zero
! Static name mapping; the same address is the next hop of the default route
! defined later in this config.
ip host Perth 125.1.100.24
ip domain-name corp.com.au
ip name-server 125.1.10.3
!
! CBAC inspection rule set "corp": tcp, udp, http, ftp and smtp are inspected
! wherever the rule is applied. In this config the only place it is applied is
! "ip inspect corp in" on Serial1/0.1.
ip inspect name corp tcp
ip inspect name corp udp
ip inspect name corp http
ip inspect name corp ftp
ip inspect name corp smtp
! Frame Relay / ISDN globals: DE-list 1 matches IP traffic, the router is
! enabled as a Frame Relay switch, and the ISDN switch type is basic-net3.
frame-relay de-list 1 protocol ip
frame-relay switching
isdn switch-type basic-net3
!
!
!
! Physical ISDN BRI used as the shared backup line. It has no IP address of its
! own; it is a member of dialer pool 1, which Dialer0-2 draw from.
interface BRI0/0
description 64K ISDN On-Ramp Backup Service to Brisbane & Adelaide
no ip address
no ip directed-broadcast
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
! PPP peers must authenticate with CHAP.
ppp authentication chap
!
! Sydney LAN segment (172.25.0.0/16). The serial subinterfaces and dialers
! borrow this address via "ip unnumbered Ethernet0/0".
! No access-group or inspect rule is applied on this interface, so traffic
! entering here is neither filtered nor inspected by this config.
interface Ethernet0/0
description Sydney Local Ethernet Segment
ip address 172.25.201.1 255.255.0.0
! Directed broadcasts are not forwarded onto this segment.
no ip directed-broadcast
no keepalive
!
! Segment the poster labels "untrusted" (192.168.3.0/24).
interface Ethernet1/0
desc Sydney untrusted segment
ip address 192.168.3.3 255.255.255.0
! Packets arriving from the untrusted segment are filtered by access-list 100.
! Only the inbound direction is filtered; no outbound ACL is applied here.
ip access-group 100 in
no ip directed-broadcast
!
! Physical Frame Relay access line. IP is configured on the point-to-point
! subinterfaces (.1/.2/.3), not here.
interface Serial1/0
description 192K CIR - 576K ACCESS to Perth
mtu 800
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
! Output queueing follows priority-list 1.
priority-group 1
frame-relay lmi-type ansi
! Frame Relay switching: DLCIs 16, 20 and 22 are cross-connected to Serial1/1.
frame-relay route 16 interface Serial1/1 16
frame-relay route 20 interface Serial1/1 20
frame-relay route 22 interface Serial1/1 22
!
! PVC to Perth on DLCI 17, unnumbered to Ethernet0/0.
interface Serial1/0.1 point-to-point
description 192K CIR PVC to Perth
mtu 800
bandwidth 192
ip unnumbered Ethernet0/0
! The only place the CBAC rule "corp" is applied: sessions arriving on this
! subinterface are inspected. Traffic entering on Ethernet0/0, the other
! subinterfaces or the dialers is not inspected by this config.
ip inspect corp in
no ip directed-broadcast
! Fail over to Dialer0 after 5 s of outage and return 10 s after recovery.
! NOTE(review): Dialer0 carries no "ip inspect" line, so inspection is not
! applied while the ISDN backup path is in use.
backup delay 5 10
backup interface Dialer0
frame-relay de-group 1 17
frame-relay interface-dlci 17
frame-relay payload-compression packet-by-packet
!
! PVC to Adelaide on DLCI 21, unnumbered to Ethernet0/0, backed up by Dialer1.
! No ACL or inspect rule is applied on this subinterface.
interface Serial1/0.2 point-to-point
description 16K PVC to Adelaide
mtu 800
ip unnumbered Ethernet0/0
no ip directed-broadcast
backup delay 5 10
backup interface Dialer1
frame-relay de-group 1 21
frame-relay interface-dlci 21
frame-relay payload-compression packet-by-packet
!
! PVC to Brisbane on DLCI 23, unnumbered to Ethernet0/0, backed up by Dialer2.
! No ACL or inspect rule is applied on this subinterface.
interface Serial1/0.3 point-to-point
description 16K PVC to Brisbane
mtu 800
ip unnumbered Ethernet0/0
no ip directed-broadcast
backup delay 5 10
backup interface Dialer2
frame-relay de-group 1 23
frame-relay interface-dlci 23
frame-relay payload-compression packet-by-packet
!
! DCE side of the Frame Relay switch towards the voice equipment named in the
! description. The interface is administratively down ("shutdown").
interface Serial1/1
description Frame Relay Voice Service to Micom Marathon
mtu 800
no ip address
no ip directed-broadcast
encapsulation frame-relay
shutdown
clockrate 500000
frame-relay lmi-type ansi
frame-relay intf-type dce
! Mirror of the cross-connects on Serial1/0 for DLCIs 16, 20 and 22.
frame-relay route 16 interface Serial1/0 16
frame-relay route 20 interface Serial1/0 20
frame-relay route 22 interface Serial1/0 22
!
! ISDN backup profile for Perth (backup interface of Serial1/0.1).
! No access-group or "ip inspect" is applied here, and, unlike Dialer1 and
! Dialer2, no "dialer string" is configured on this profile.
interface Dialer0
description 64K ISDN Backup Service to Perth
ip unnumbered Ethernet0/0
no ip directed-broadcast
encapsulation ppp
! The CHAP name presented by the peer selects this profile.
dialer remote-name Perth
dialer pool 1
! Interesting traffic is defined by dialer-list 1 (all IP).
dialer-group 1
ppp authentication chap
!
! ISDN backup profile for Adelaide (backup interface of Serial1/0.2).
! No access-group or "ip inspect" is applied on this profile.
interface Dialer1
description 64K ISDN Backup Service to Adelaide
ip unnumbered Ethernet0/0
no ip directed-broadcast
encapsulation ppp
dialer remote-name Adelaide
! Number to dial; masked by the poster.
dialer string XXXXXXXXXXXXX
dialer pool 1
dialer-group 1
ppp authentication chap
!
! ISDN backup profile for Brisbane (backup interface of Serial1/0.3).
! No access-group or "ip inspect" is applied on this profile.
interface Dialer2
description 64K ISDN Backup Service to Brisbane
ip unnumbered Ethernet0/0
no ip directed-broadcast
encapsulation ppp
dialer remote-name Brisbane
! Number to dial; masked by the poster.
dialer string XXXXXXXXXXXX
dialer pool 1
dialer-group 1
ppp authentication chap
!
! EIGRP autonomous system 69.
router eigrp 69
! Static routes are redistributed only if route-map static2eigrp (access-list 1)
! permits them.
redistribute static route-map static2eigrp
network 172.25.0.0
! NOTE(review): this network statement covers the untrusted Ethernet1/0
! segment. No passive-interface or EIGRP authentication is visible in this
! config, and access-list 100 (inbound on Ethernet1/0) has no entry that
! permits EIGRP, so check whether running EIGRP on that segment is intended.
network 192.168.3.0
! Seed metric for redistributed routes.
default-metric 1000 1000 254 1 1500
no auto-summary
!
! Static routing. The default route points at 125.1.100.24, the address mapped
! to host "Perth" earlier in this config.
ip classless
ip route 0.0.0.0 0.0.0.0 125.1.100.24
! Networks reached through 192.168.3.1, a next hop on the untrusted
! Ethernet1/0 segment. These prefixes match access-list 1 and are therefore
! redistributed into EIGRP.
ip route 172.16.10.0 255.255.255.0 192.168.3.1
ip route 172.16.15.0 255.255.255.0 192.168.3.1
ip route 172.16.20.0 255.255.255.0 192.168.3.1
ip route 192.168.4.0 255.255.255.0 192.168.3.1
ip route 192.168.7.0 255.255.255.0 192.168.3.1
ip route 192.168.10.0 255.255.255.0 192.168.3.1
! Next hop on the Sydney LAN (Ethernet0/0); this prefix is not in access-list 1,
! so it is not redistributed.
ip route 192.168.52.0 255.255.255.0 172.25.201.3
ip route 192.168.144.0 255.255.255.0 192.168.3.1
! The built-in HTTP management server is disabled.
no ip http server
!
!
! Frame Relay traffic-shaping templates (CIR and peak rate in bit/s, throttled
! on BECN). No "frame-relay class" statement referencing them is visible in
! this config, so they appear to be unused - confirm.
! NOTE(review): "cir64k" is defined with a 192000 bit/s rate; the name and the
! value do not agree.
map-class frame-relay cir64k
frame-relay traffic-rate 192000 500000
frame-relay adaptive-shaping becn
!
map-class frame-relay cir32k
frame-relay traffic-rate 32000 40000
frame-relay adaptive-shaping becn
!
map-class frame-relay cir16k
frame-relay traffic-rate 16000 24000
frame-relay adaptive-shaping becn
! Standard ACL 1: the prefixes that route-map static2eigrp allows into EIGRP.
! It is used as a route filter, not as a packet filter on an interface.
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.144.0 0.0.0.255
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 1 permit 172.16.15.0 0.0.0.255
access-list 1 permit 172.16.20.0 0.0.0.255
! Extended ACL 100: applied inbound on Ethernet1/0, the untrusted segment.
! Entries are evaluated top-down and anything not matched is dropped by the
! implicit deny. There is no explicit "deny ... log" entry, so drops are not
! logged.
!
! NOTE(review): every ICMP type is accepted from any source to any destination.
access-list 100 permit icmp any any
! Hosts on the untrusted subnet itself may reach the whole Sydney LAN
! (172.25.0.0/16) on any protocol and port.
access-list 100 permit ip 192.168.3.0 0.0.0.255 172.25.0.0 0.0.255.255
! Any source may reach 203.19.170.0/27 on TCP 3389 (RDP), 80, 443 and FTP.
! NOTE(review): the source is "any"; narrowing it to the known networks behind
! this segment would reduce exposure of the remote-desktop port.
access-list 100 permit tcp any 203.19.170.0 0.0.0.31 eq 3389
access-list 100 permit tcp any 203.19.170.0 0.0.0.31 eq www
access-list 100 permit tcp any 203.19.170.0 0.0.0.31 eq 443
access-list 100 permit tcp any 203.19.170.0 0.0.0.31 eq ftp-data
access-list 100 permit tcp any 203.19.170.0 0.0.0.31 eq ftp
! "established" is a TCP header test (ACK or RST set), not connection tracking.
! Sessions started from Ethernet0/0 are not inspected by CBAC in this config,
! so their TCP return traffic depends on this entry and UDP replies from
! sources outside 192.168.3.0/24 are not matched by any entry.
access-list 100 permit tcp any any established
! Priority queueing for Serial1/0: IP and CDP go to the normal queue, all other
! traffic to the high queue.
priority-list 1 protocol ip normal
priority-list 1 protocol cdp normal
priority-list 1 default high
! Any IP packet counts as interesting traffic for the dialer interfaces.
dialer-list 1 protocol ip permit
! Route-map used by "redistribute static" under router eigrp 69: only prefixes
! permitted by access-list 1 are redistributed.
route-map static2eigrp permit 10
match ip address 1
!
! SNMP agent settings.
snmp-server engineID local 00000009020000107B309C81
! NOTE(review): read-only access uses the well-known default community
! "public" and no access-list is attached to the community, so any host that
! can reach the router may poll it. Community strings are carried in clear
! text; use a non-default string and bind it to an ACL of management stations.
snmp-server community public RO
! Shortcut: "sa" runs "show access-list".
alias exec sa show access-list
!
! Terminal lines.
line con 0
transport input none
! No password, login or transport settings are shown for the auxiliary port.
line aux 0
! Remote terminal lines: a single shared line password (type 7, masked by the
! poster) with "login", i.e. no per-user authentication.
! NOTE(review): no access-class or "transport input" restriction is visible,
! so the allowed protocols and source addresses are the platform defaults -
! confirm and restrict to management hosts.
line vty 0 4
password 7 XXXXXXXXXXXXXX
login
!
""Steven A. Ridder"" wrote in message
news:200207150158.BAA27946@xxxxxxxxxxxxxxxxx
> not enough info to tell
> Need more of the config.
>
>
> ""Dennis Cooper"" wrote in message
> news:200207150151.BAA26981@xxxxxxxxxxxxxxxxx
> > Hi Steve
> >
> > Here is an extract from the config - access-list 100 controls traffic from
> > the "untrusted" section of the company being migrated.
> >
> > "firewall" is the name of the ip inspect policy
> >
> > interface Ethernet0/0
> > description Sydney Local Ethernet Segment
> > ip address 172.25.201.1 255.255.0.0
> > no keepalive
> > !
> > interface Ethernet1/0
> > ip address 192.168.3.3 255.255.255.0
> > ip access-group 100 in
> > !
> > interface Serial1/0
> > description 192K CIR - 576K ACCESS to Head Office
> > mtu 800
> > no ip address
> > encapsulation frame-relay
> > no ip mroute-cache
> > priority-group 1
> > frame-relay lmi-type ansi
> > frame-relay route 16 interface Serial1/1 16
> > frame-relay route 20 interface Serial1/1 20
> > frame-relay route 22 interface Serial1/1 22
> > !
> > interface Serial1/0.1 point-to-point
> > description 192K CIR PVC to Head Office
> > mtu 800
> > backup delay 5 10
> > backup interface Dialer0
> > ip unnumbered Ethernet0/0
> > ip inspect firewall in
> > bandwidth 192
> > frame-relay de-group 1 17
> > frame-relay interface-dlci 17
> > frame-relay payload-compression packet-by-packet
> >
> >
> > ""Steven A. Ridder"" wrote in message
> > news:200207131318.NAA13216@xxxxxxxxxxxxxxxxx
> > > show me the configs
> > >
> > > ""Dennis Cooper"" wrote in message
> > > news:200207131051.KAA04100@xxxxxxxxxxxxxxxxx
> > > > Hi guys
> > > >
> > > > The scenario is two customer networks merging in the same building and we
> > > > have a Cisco 3620 in between the two LAN networks (E0/0 and E1/0).
> > > >
> > > >
> > > > S0/0 -----------3620---------------E0/0 172.25.0.0/16
> > > > ---------------E1/0 192.168.3.0
> > > >
> > > >
> > > >
> > > > There is a Frame Relay service to head office on interface Serial 0/0 and it is
> > > > currently ip unnumbered to the E0/0 interface.
> > > >
> > > > Using CBAC I cannot get the ip inspect stuff to work and I suspect either
> > > > 1. the code 12.0(3)T FFS
> > > > 2. IP unnumbered
> > > >
> > > > Q. Any one done this before?
> > > >
> > > > Regards
> > > >
> > > > Dennis Cooper
> > > > Lab date 13/08/2002 (but who's counting)