GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: IP unnumbered and CBAC [7:48721] posted 07/15/2002
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname firewall
!
boot system flash c3620-io-mz.120-3.T3.bin
logging buffered 100000 debugging
enable secret 5 $1$hqZ4$k9Mvt5yfvbpipYmFGbTSS/
!
username Brisbane password 7 xxxxxxxxx
username Adelaide password 7 xxxxxxxx
username Perth password 7 xxxxxxx
clock timezone EST 10
ip subnet-zero
ip host Perth 125.1.100.24
ip domain-name corp.com.au
ip name-server 125.1.10.3
!
ip inspect name corp tcp
ip inspect name corp udp
ip inspect name corp http
ip inspect name corp ftp
ip inspect name corp smtp
frame-relay de-list 1 protocol ip
frame-relay switching
isdn switch-type basic-net3
!
!
!
interface BRI0/0
 description 64K ISDN On-Ramp Backup Service to Brisbane & Adelaide
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-net3
 ppp authentication chap
!
interface Ethernet0/0
 description Sydney Local Ethernet Segment
 ip address 172.25.201.1 255.255.0.0
 no ip directed-broadcast
 no keepalive
!
interface Ethernet1/0
 desc Sydney untrusted segment
 ip address 192.168.3.3 255.255.255.0
 ip access-group 100 in
 no ip directed-broadcast
!
interface Serial1/0
 description 192K CIR - 576K ACCESS to Perth
 mtu 800
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 no ip mroute-cache
 priority-group 1
 frame-relay lmi-type ansi
 frame-relay route 16 interface Serial1/1 16
 frame-relay route 20 interface Serial1/1 20
 frame-relay route 22 interface Serial1/1 22
!
interface Serial1/0.1 point-to-point
 description 192K CIR PVC to Perth
 mtu 800
 bandwidth 192
 ip unnumbered Ethernet0/0
 ip inspect corp in
 no ip directed-broadcast
 backup delay 5 10
 backup interface Dialer0
 frame-relay de-group 1 17
 frame-relay interface-dlci 17
 frame-relay payload-compression packet-by-packet
!
interface Serial1/0.2 point-to-point
 description 16K PVC to Adelaide
 mtu 800
 ip unnumbered Ethernet0/0
 no ip directed-broadcast
 backup delay 5 10
 backup interface Dialer1
 frame-relay de-group 1 21
 frame-relay interface-dlci 21
 frame-relay payload-compression packet-by-packet
!
interface Serial1/0.3 point-to-point
 description 16K PVC to Brisbane
 mtu 800
 ip unnumbered Ethernet0/0
 no ip directed-broadcast
 backup delay 5 10
 backup interface Dialer2
 frame-relay de-group 1 23
 frame-relay interface-dlci 23
 frame-relay payload-compression packet-by-packet
!
interface Serial1/1
 description Frame Relay Voice Service to Micom Marathon
 mtu 800
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 shutdown
 clockrate 500000
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 frame-relay route 16 interface Serial1/0 16
 frame-relay route 20 interface Serial1/0 20
 frame-relay route 22 interface Serial1/0 22
!
interface Dialer0
 description 64K ISDN Backup Service to Perth
 ip unnumbered Ethernet0/0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name Perth
 dialer pool 1
 dialer-group 1
 ppp authentication chap
!
interface Dialer1
 description 64K ISDN Backup Service to Adelaide
 ip unnumbered Ethernet0/0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name Adelaide
 dialer string XXXXXXXXXXXXX
 dialer pool 1
 dialer-group 1
 ppp authentication chap
!
interface Dialer2
 description 64K ISDN Backup Service to Brisbane
 ip unnumbered Ethernet0/0
 no ip directed-broadcast
 encapsulation ppp
 dialer remote-name Brisbane
 dialer string XXXXXXXXXXXX
 dialer pool 1
 dialer-group 1
 ppp authentication chap
!
router eigrp 69
 redistribute static route-map static2eigrp
 network 172.25.0.0
 network 192.168.3.0
 default-metric 1000 1000 254 1 1500
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 125.1.100.24
ip route 172.16.10.0 255.255.255.0 192.168.3.1
ip route 172.16.15.0 255.255.255.0 192.168.3.1
ip route 172.16.20.0 255.255.255.0 192.168.3.1
ip route 192.168.4.0 255.255.255.0 192.168.3.1
ip route 192.168.7.0 255.255.255.0 192.168.3.1
ip route 192.168.10.0 255.255.255.0 192.168.3.1
ip route 192.168.52.0 255.255.255.0 172.25.201.3
ip route 192.168.144.0 255.255.255.0 192.168.3.1
no ip http server
!
!
map-class frame-relay cir64k
 frame-relay traffic-rate 192000 500000
 frame-relay adaptive-shaping becn
!
map-class frame-relay cir32k
 frame-relay traffic-rate 32000 40000
 frame-relay adaptive-shaping becn
!
map-class frame-relay cir16k
 frame-relay traffic-rate 16000 24000
 frame-relay adaptive-shaping becn
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.144.0 0.0.0.255
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 1 permit 172.16.15.0 0.0.0.255
access-list 1 permit 172.16.20.0 0.0.0.255
access-list 100 permit icmp any any
access-list 100 permit ip 192.168.3.0 0.0.0.255 172.25.0.0 0.0.255.255
access-list 100 permit tcp any 203.19.170.0 0.0.0.31 eq 3389
access-list 100 permit tcp any 203.19.170.0 0.0.0.31 eq www
access-list 100 permit tcp any 203.19.170.0 0.0.0.31 eq 443
access-list 100 permit tcp any 203.19.170.0 0.0.0.31 eq ftp-data
access-list 100 permit tcp any 203.19.170.0 0.0.0.31 eq ftp
access-list 100 permit tcp any any established
priority-list 1 protocol ip normal
priority-list 1 protocol cdp normal
priority-list 1 default high
dialer-list 1 protocol ip permit
route-map static2eigrp permit 10
 match ip address 1
!
snmp-server engineID local 00000009020000107B309C81
snmp-server community public RO
alias exec sa show access-list
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password 7 XXXXXXXXXXXXXX
 login
!
""Steven A. Ridder""  wrote in message
news:200207150158.BAA27946@xxxxxxxxxxxxxxxxx
> not enough info to tell
> Need more of the config.
>
>
> ""Dennis Cooper""  wrote in message
> news:200207150151.BAA26981@xxxxxxxxxxxxxxxxx
> > Hi Steve
> >
> > Here is an extract from the config - access-list 100 controls traffic
from
> > the "untrusted" section of the company being migrated.
> >
> > "firewall" is the name of the ip inspect policy
> >
> > interface Ethernet0/0
> >  description Sydney Local Ethernet Segment
> >  ip address 172.25.201.1 255.255.0.0
> >  no keepalive
> > !
> > interface Ethernet1/0
> >  ip address 192.168.3.3 255.255.255.0
> >  ip access-group 100 in
> > !
> > interface Serial1/0
> >  description 192K CIR - 576K ACCESS to Head Office
> >  mtu 800
> >  no ip address
> >  encapsulation frame-relay
> >  no ip mroute-cache
> >  priority-group 1
> >  frame-relay lmi-type ansi
> >  frame-relay route 16 interface Serial1/1 16
> >  frame-relay route 20 interface Serial1/1 20
> >  frame-relay route 22 interface Serial1/1 22
> > !
> > interface Serial1/0.1 point-to-point
> >  description 192K CIR PVC to Head Office
> >  mtu 800
> >  backup delay 5 10
> >  backup interface Dialer0
> >  ip unnumbered Ethernet0/0
> >  ip inspect firewall in
> >  bandwidth 192
> >  frame-relay de-group 1 17
> >  frame-relay interface-dlci 17
> >  frame-relay payload-compression packet-by-packet
> >
> >
> > ""Steven A. Ridder""  wrote in message
> > news:200207131318.NAA13216@xxxxxxxxxxxxxxxxx
> > > show me the configs
> > >
> > > ""Dennis Cooper""  wrote in message
> > > news:200207131051.KAA04100@xxxxxxxxxxxxxxxxx
> > > > Hi guys
> > > >
> > > > The scenario is two customer networks merging in the same building
and
> > we
> > > > have a Cisco 3620 in between the two LAN networks. (E0/0 and E1/0)
> > > >
> > > >
> > > > S0/0 -----------3620---------------E0/0 172.25.0.0/16
> > > >                                 ---------------E1/0    192.168.3.0
> > > >
> > > >
> > > >
> > > > There is a Frame Relay service to head office on interface Serial
0/0
> > and
> > > is
> > > > currently ip unnmbered to the E0/0 interface.
> > > >
> > > > Using CBAC I cannot get  the ip inspect stuff to work and I suspect
> > > either
> > > > 1. the code 12.0(3)T FFS
> > > > 2. IP unnumbered
> > > >
> > > > Q.  Any one done this before?
> > > >
> > > > Regards
> > > >
> > > > Dennis Cooper
> > > > Lab date 13/08/2002 (but who's counting)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48802&t=48721
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx