Example 1: Customer A Context Configuration; Example 1: Customer B Context Configuration; Example 1: Customer C Context Configuration - Cisco Catalyst 6500 Series Configuration Manual
Catalyst 6500 series switch and
cisco 7600 series router firewall services
Hide thumbs
Also See for Catalyst 6500 Series:
- Software configuration manual (570 pages) ,
- Configuration note (212 pages) ,
- Installation manual (194 pages)
Table of Contents
Advertisement
Routed Mode Examples
static (inside,outside) 209.165.201.30 10.1.1.75 netmask 255.255.255.255 [ The host at
10.1.1.75 has access to the Websense server in Customer C, so it needs a static
translation for use in Customer C's ACL ]
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside [ Allows all inside hosts to access the outside
for any IP traffic ]
Example 1: Customer A Context Configuration
nameif vlan3 outside security0
nameif vlan5 inside security100
passwd hell0!
enable password enter55
ip address outside 209.165.201.3 255.255.255.224
ip address inside 10.1.2.1 255.255.255.0
route outside 0 0 209.165.201.1 1
route inside 192.168.1.0 255.255.255.0 10.1.2.2 1 [ The Customer A context has a second
network behind an inside router that requires a static route. All other traffic is handled
by the default route pointing to the MSFC. ]
nat (inside) 1 10.1.2.0 255.255.255.0
global (outside) 1 interface [ This context uses dynamic PAT for inside users that access
that outside. The outside interface address is used for the PAT address ]
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside [ Allows all inside hosts to access the outside
for any IP traffic ]
Example 1: Customer B Context Configuration
nameif vlan3 outside security0
nameif vlan6 inside security100
passwd tenac10us
enable password defen$e
ip address outside 209.165.201.4 255.255.255.224
ip address inside 10.1.3.1 255.255.255.0
route outside 0 0 209.165.201.1 1
nat (inside) 1 10.1.3.0 255.255.255.0
global (outside) 1 209.165.201.9 netmask 255.255.255.255 [ This context uses dynamic PAT
for inside users that access the outside ]
access-list INTERNET extended permit tcp any any eq http
access-list INTERNET extended permit tcp any any eq https
access-group INTERNET in interface inside [ Inside users can only access HTTP and HTTPS
servers on the outside ]
Example 1: Customer C Context Configuration
nameif vlan3 outside security0
nameif vlan7 inside security100
nameif vlan8 dmz security50
passwd fl0wer
enable password treeh0u$e
ip address outside 209.165.201.5 255.255.255.224
ip address inside 10.1.4.1 255.255.255.0
ip address dmz 192.168.2.1 255.255.255.0
route outside 0 0 209.165.201.1 1
url-server (dmz) vendor websense host 192.168.2.2 url-block block 50
url-cache dst 128
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
B-4
Appendix B
Sample Configurations
OL-6392-01
Advertisement
Table of Contents
Troubleshooting
