Cisco Systems adding a pix to dual router setup

Posted by jleleux on October 9, 2006, 5:53 pm
I am having some trouble adding a PIX 515E to my current setup. I
have 2 DSL lines coming into 2 Cisco 1801's. One of my DSL lines
handles my server traffic while the other line serves as an internet
connection for my users. I have 12 VLANs set up to handle all of the
user traffic. My Server DSL has a PIX set up on it while my User DSL
is using an IOS Firewall setup on the 1801. I am trying to add a PIX
to the User DSL. I need to know what to change on the User 1801 to
accommodate the new PIX. Here are my configs for the 1801's:
If anyone needs any more info, let me know.

User 1801:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname USER_1801
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
no aaa new-model
!
resource policy
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.9
ip dhcp excluded-address 192.168.3.1 192.168.3.9
ip dhcp excluded-address 192.168.4.1 192.168.4.9
ip dhcp excluded-address 192.168.5.1 192.168.5.9
ip dhcp excluded-address 192.168.6.1 192.168.6.9
ip dhcp excluded-address 192.168.7.1 192.168.7.9
ip dhcp excluded-address 192.168.8.1 192.168.8.9
ip dhcp excluded-address 192.168.9.1 192.168.9.9
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp excluded-address 192.168.11.1 192.168.11.9
ip dhcp excluded-address 192.168.15.1 192.168.15.9
ip dhcp excluded-address 192.168.20.1 192.168.20.9
ip dhcp excluded-address 192.168.21.1 192.168.21.9
ip dhcp excluded-address 192.168.100.1 192.168.100.9
!
ip dhcp pool vlanA
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
ip dhcp pool vlanB
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
ip dhcp pool vlanC
network 192.168.4.0 255.255.255.0
domain-name xxxx.xxx
!
ip dhcp pool vlanD
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
ip dhcp pool vlanE
network 192.168.6.0 255.255.255.0
default-router 192.168.6.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
ip dhcp pool vlanF
network 192.168.7.0 255.255.255.0
default-router 192.168.7.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
ip dhcp pool vlanG
network 192.168.8.0 255.255.255.0
default-router 192.168.8.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
ip dhcp pool vlanH
network 192.168.9.0 255.255.255.0
default-router 192.168.9.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
ip dhcp pool vlanI
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
ip dhcp pool vlanJ
network 192.168.15.0 255.255.255.0
default-router 192.168.15.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
ip dhcp pool vlanK
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
ip dhcp pool vlanL
network 192.168.21.0 255.255.255.0
default-router 192.168.21.1
dns-server xxx.xxx.132.23 xxx.xxx.37.23
domain-name xxxx.xxx
!
!
ip domain name xxxx.xxx
ip name-server 192.168.100.10
ip name-server xxx.xxx.132.23
ip name-server xxx.xxx.37.23
ip ssh time-out 60
ip ssh authentication-retries 5
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip igmp snooping vlan 1 mrouter learn cgmp
ip igmp snooping vlan 2 mrouter learn cgmp
ip igmp snooping vlan 5 mrouter learn cgmp
!
appfw policy-name SDM_MEDIUM
application http
strict-http action allow alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
!
!
!
!
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_MEDIUM
class sdm_p2p_gnutella
class sdm_p2p_bittorrent
class sdm_p2p_edonkey
class sdm_p2p_kazaa
!
!
!
!
!
!
interface FastEthernet0
no ip address
duplex auto
speed auto
!
interface FastEthernet0.1
description vlanA Interface$ETH-LAN$
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.2.255
ip helper-address 192.168.5.255
ip helper-address 192.168.4.255
ip helper-address 192.168.6.255
ip helper-address 192.168.11.255
ip helper-address 192.168.9.255
ip helper-address 192.168.100.1
ip directed-broadcast
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.2
description vlanB LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip access-group 100 in
ip directed-broadcast
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.3
description vlanC LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip access-group 101 in
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.4
description vlanD LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
ip directed-broadcast
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.5
description vlanD LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 5
ip address 192.168.5.1 255.255.255.0
ip access-group 103 in
ip directed-broadcast
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.6
description vlanE LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 6
ip address 192.168.6.1 255.255.255.0
ip access-group 104 in
ip directed-broadcast
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.7
description vlanF LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 7
ip address 192.168.7.1 255.255.255.0
ip access-group 105 in
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.8
description vlanG LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 8
ip address 192.168.8.1 255.255.255.0
ip access-group 106 in
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.9
description vlanH LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 9
ip address 192.168.9.1 255.255.255.0
ip access-group 107 in
ip directed-broadcast
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.10
description vlanI LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip access-group 108 in
ip nat inside
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.15
description vlanJ LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 15
ip address 192.168.15.1 255.255.255.0
ip access-group 115 in
ip directed-broadcast
ip nbar protocol-discovery
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.20
description vlanK LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip access-group 120 in
ip directed-broadcast
ip nbar protocol-discovery
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.21
description vlanL LAN$FW_INSIDE$$ETH-LAN$
encapsulation dot1Q 21
ip address 192.168.21.1 255.255.255.0
ip access-group 121 in
ip directed-broadcast
ip nbar protocol-discovery
ip virtual-reassembly
no snmp trap link-status
no cdp enable
!
interface FastEthernet0.100
description Server LAN$ETH-LAN$
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
ip helper-address 192.168.2.255
ip helper-address 192.168.5.255
ip helper-address 192.168.4.255
ip helper-address 192.168.6.255
ip helper-address 192.168.11.255
ip helper-address 192.168.9.255
ip directed-broadcast
ip nbar protocol-discovery
ip policy route-map server-internet
no snmp trap link-status
no cdp enable
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
no ip address
atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
dsl operating-mode auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
no ip address
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 109 in
ip nbar protocol-discovery
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
dialer pool 1
no cdp enable
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
!
ip forward-protocol udp 9998
ip forward-protocol udp 9999
ip forward-protocol udp 9997
ip forward-protocol udp 9996
ip forward-protocol udp 31314
ip forward-protocol udp 14200
ip forward-protocol udp 4096
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.11.0 255.255.255.0 192.168.100.2
!
ip flow-top-talkers
top 20
sort-by bytes
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool xxx.xxx.xxx.9 xxx.xxx.xxx.9 xxx.xxx.xxx.9 netmask 255.255.255.248
ip nat inside source list 1 pool xxx.xxx.xxx.9 overload
!
ip access-list extended server-internet-acl
deny ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 192.168.100.0 0.0.0.255 192.168.2.0 0.0.0.255
deny ip 192.168.100.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.100.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.100.0 0.0.0.255 192.168.6.0 0.0.0.255
deny ip 192.168.100.0 0.0.0.255 192.168.7.0 0.0.0.255
deny ip 192.168.100.0 0.0.0.255 192.168.8.0 0.0.0.255
deny ip 192.168.100.0 0.0.0.255 192.168.9.0 0.0.0.255
deny ip 192.168.100.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.100.0 0.0.0.255 any
!
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 1 permit 192.168.9.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.15.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.21.0 0.0.0.255
access-list 23 permit 192.168.2.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 192.168.10.0 0.0.0.255 any
access-list 100 deny ip 192.168.9.0 0.0.0.255 any
access-list 100 deny ip 192.168.8.0 0.0.0.255 any
access-list 100 deny ip 192.168.7.0 0.0.0.255 any
access-list 100 deny ip 192.168.6.0 0.0.0.255 any
access-list 100 deny ip 192.168.5.0 0.0.0.255 any
access-list 100 deny ip 192.168.4.0 0.0.0.255 any
access-list 100 deny ip 192.168.3.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 192.168.10.0 0.0.0.255 any
access-list 101 deny ip 192.168.9.0 0.0.0.255 any
access-list 101 deny ip 192.168.8.0 0.0.0.255 any
access-list 101 deny ip 192.168.7.0 0.0.0.255 any
access-list 101 deny ip 192.168.6.0 0.0.0.255 any
access-list 101 deny ip 192.168.5.0 0.0.0.255 any
access-list 101 deny ip 192.168.4.0 0.0.0.255 any
access-list 101 deny ip 192.168.2.0 0.0.0.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny ip 192.168.10.0 0.0.0.255 any
access-list 102 deny ip 192.168.9.0 0.0.0.255 any
access-list 102 deny ip 192.168.8.0 0.0.0.255 any
access-list 102 deny ip 192.168.7.0 0.0.0.255 any
access-list 102 deny ip 192.168.6.0 0.0.0.255 any
access-list 102 deny ip 192.168.5.0 0.0.0.255 any
access-list 102 deny ip 192.168.3.0 0.0.0.255 any
access-list 102 deny ip 192.168.2.0 0.0.0.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny ip 192.168.10.0 0.0.0.255 any
access-list 103 deny ip 192.168.9.0 0.0.0.255 any
access-list 103 deny ip 192.168.8.0 0.0.0.255 any
access-list 103 deny ip 192.168.7.0 0.0.0.255 any
access-list 103 deny ip 192.168.6.0 0.0.0.255 any
access-list 103 deny ip 192.168.4.0 0.0.0.255 any
access-list 103 deny ip 192.168.3.0 0.0.0.255 any
access-list 103 deny ip 192.168.2.0 0.0.0.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny ip 192.168.10.0 0.0.0.255 any
access-list 104 deny ip 192.168.9.0 0.0.0.255 any
access-list 104 deny ip 192.168.8.0 0.0.0.255 any
access-list 104 deny ip 192.168.7.0 0.0.0.255 any
access-list 104 deny ip 192.168.5.0 0.0.0.255 any
access-list 104 deny ip 192.168.4.0 0.0.0.255 any
access-list 104 deny ip 192.168.3.0 0.0.0.255 any
access-list 104 deny ip 192.168.2.0 0.0.0.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 deny ip 192.168.10.0 0.0.0.255 any
access-list 105 deny ip 192.168.9.0 0.0.0.255 any
access-list 105 deny ip 192.168.8.0 0.0.0.255 any
access-list 105 deny ip 192.168.6.0 0.0.0.255 any
access-list 105 deny ip 192.168.5.0 0.0.0.255 any
access-list 105 deny ip 192.168.4.0 0.0.0.255 any
access-list 105 deny ip 192.168.3.0 0.0.0.255 any
access-list 105 deny ip 192.168.2.0 0.0.0.255 any
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 permit ip any any
access-list 106 remark auto generated by SDM firewall configuration
access-list 106 remark SDM_ACL Category=1
access-list 106 deny ip 192.168.10.0 0.0.0.255 any
access-list 106 deny ip 192.168.9.0 0.0.0.255 any
access-list 106 deny ip 192.168.7.0 0.0.0.255 any
access-list 106 deny ip 192.168.6.0 0.0.0.255 any
access-list 106 deny ip 192.168.5.0 0.0.0.255 any
access-list 106 deny ip 192.168.4.0 0.0.0.255 any
access-list 106 deny ip 192.168.3.0 0.0.0.255 any
access-list 106 deny ip 192.168.2.0 0.0.0.255 any
access-list 106 deny ip host 255.255.255.255 any
access-list 106 deny ip 127.0.0.0 0.255.255.255 any
access-list 106 permit ip any any
access-list 107 remark auto generated by SDM firewall configuration
access-list 107 remark SDM_ACL Category=1
access-list 107 deny ip 192.168.10.0 0.0.0.255 any
access-list 107 deny ip 192.168.8.0 0.0.0.255 any
access-list 107 deny ip 192.168.7.0 0.0.0.255 any
access-list 107 deny ip 192.168.6.0 0.0.0.255 any
access-list 107 deny ip 192.168.5.0 0.0.0.255 any
access-list 107 deny ip 192.168.4.0 0.0.0.255 any
access-list 107 deny ip 192.168.3.0 0.0.0.255 any
access-list 107 deny ip 192.168.2.0 0.0.0.255 any
access-list 107 deny ip host 255.255.255.255 any
access-list 107 deny ip 127.0.0.0 0.255.255.255 any
access-list 107 permit ip any any
access-list 108 remark auto generated by SDM firewall configuration
access-list 108 remark SDM_ACL Category=1
access-list 108 deny ip 192.168.9.0 0.0.0.255 any
access-list 108 deny ip 192.168.8.0 0.0.0.255 any
access-list 108 deny ip 192.168.7.0 0.0.0.255 any
access-list 108 deny ip 192.168.6.0 0.0.0.255 any
access-list 108 deny ip 192.168.5.0 0.0.0.255 any
access-list 108 deny ip 192.168.4.0 0.0.0.255 any
access-list 108 deny ip 192.168.3.0 0.0.0.255 any
access-list 108 deny ip 192.168.2.0 0.0.0.255 any
access-list 108 deny ip host 255.255.255.255 any
access-list 108 deny ip 127.0.0.0 0.255.255.255 any
access-list 108 permit ip any any
access-list 109 remark auto generated by SDM firewall configuration
access-list 109 remark SDM_ACL Category=1
access-list 109 deny ip 192.168.10.0 0.0.0.255 any
access-list 109 deny ip 192.168.9.0 0.0.0.255 any
access-list 109 deny ip 192.168.8.0 0.0.0.255 any
access-list 109 deny ip 192.168.7.0 0.0.0.255 any
access-list 109 deny ip 192.168.6.0 0.0.0.255 any
access-list 109 deny ip 192.168.5.0 0.0.0.255 any
access-list 109 deny ip 192.168.4.0 0.0.0.255 any
access-list 109 deny ip 192.168.3.0 0.0.0.255 any
access-list 109 deny ip 192.168.2.0 0.0.0.255 any
access-list 109 permit icmp any any echo-reply
access-list 109 permit icmp any any time-exceeded
access-list 109 permit icmp any any unreachable
access-list 109 deny ip 10.0.0.0 0.255.255.255 any
access-list 109 deny ip 172.16.0.0 0.15.255.255 any
access-list 109 deny ip 192.168.0.0 0.0.255.255 any
access-list 109 deny ip 127.0.0.0 0.255.255.255 any
access-list 109 deny ip host 255.255.255.255 any
access-list 109 deny ip host 0.0.0.0 any
access-list 109 deny ip any any log
access-list 115 remark auto generated by SDM firewall configuration
access-list 115 remark SDM_ACL Category=1
access-list 115 deny ip 192.168.21.0 0.0.0.255 any
access-list 115 deny ip 192.168.20.0 0.0.0.255 any
access-list 115 deny ip 192.168.10.0 0.0.0.255 any
access-list 115 deny ip 192.168.9.0 0.0.0.255 any
access-list 115 deny ip 192.168.8.0 0.0.0.255 any
access-list 115 deny ip 192.168.7.0 0.0.0.255 any
access-list 115 deny ip 192.168.6.0 0.0.0.255 any
access-list 115 deny ip 192.168.5.0 0.0.0.255 any
access-list 115 deny ip 192.168.4.0 0.0.0.255 any
access-list 115 deny ip 192.168.3.0 0.0.0.255 any
access-list 115 deny ip 192.168.2.0 0.0.0.255 any
access-list 115 deny ip host 255.255.255.255 any
access-list 115 deny ip 127.0.0.0 0.255.255.255 any
access-list 115 permit ip any any
access-list 120 remark auto generated by SDM firewall configuration
access-list 120 remark SDM_ACL Category=1
access-list 120 deny ip 192.168.21.0 0.0.0.255 any
access-list 120 deny ip 192.168.15.0 0.0.0.255 any
access-list 120 deny ip 192.168.10.0 0.0.0.255 any
access-list 120 deny ip 192.168.9.0 0.0.0.255 any
access-list 120 deny ip 192.168.8.0 0.0.0.255 any
access-list 120 deny ip 192.168.7.0 0.0.0.255 any
access-list 120 deny ip 192.168.6.0 0.0.0.255 any
access-list 120 deny ip 192.168.5.0 0.0.0.255 any
access-list 120 deny ip 192.168.4.0 0.0.0.255 any
access-list 120 deny ip 192.168.3.0 0.0.0.255 any
access-list 120 deny ip 192.168.2.0 0.0.0.255 any
access-list 120 deny ip host 255.255.255.255 any
access-list 120 deny ip 127.0.0.0 0.255.255.255 any
access-list 120 permit ip any any
access-list 121 remark auto generated by SDM firewall configuration
access-list 121 remark SDM_ACL Category=1
access-list 121 deny ip 192.168.20.0 0.0.0.255 any
access-list 121 deny ip 192.168.15.0 0.0.0.255 any
access-list 121 deny ip 192.168.10.0 0.0.0.255 any
access-list 121 deny ip 192.168.9.0 0.0.0.255 any
access-list 121 deny ip 192.168.8.0 0.0.0.255 any
access-list 121 deny ip 192.168.7.0 0.0.0.255 any
access-list 121 deny ip 192.168.6.0 0.0.0.255 any
access-list 121 deny ip 192.168.5.0 0.0.0.255 any
access-list 121 deny ip 192.168.4.0 0.0.0.255 any
access-list 121 deny ip 192.168.3.0 0.0.0.255 any
access-list 121 deny ip 192.168.2.0 0.0.0.255 any
access-list 121 deny ip host 255.255.255.255 any
access-list 121 deny ip 127.0.0.0 0.255.255.255 any
access-list 121 permit ip any any
access-list 125 deny ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 125 permit ip 192.168.100.0 0.0.0.255 any
no cdp run
!
!
!
route-map server-internet permit 10
match ip address server-internet-acl
set ip next-hop 192.168.100.2
!
route-map user-internet permit 10
match ip address user-internet-acl
set ip next-hop 192.168.1.5
!
!
!
control-plane
!
!
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
logging synchronous
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

Server 1801:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SERVER_1801
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
no ip address
atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
dsl operating-mode auto
!
interface Vlan1
ip address xxx.xxx.xxx.241 255.255.255.248
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
encapsulation ppp
dialer pool 1
no cdp enable
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit xxx.xxx.xxx.240 0.0.0.7
no cdp run
!
!
!
!
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
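
Added example, not part of the original post and not Cisco tooling: before firewall duties are moved off USER_1801, it helps to inventory which interfaces carry ACL, NAT and inspection bindings and which ACL or route-map names are dangling. The function name audit and the SAMPLE excerpt (statements copied from the USER_1801 config above) are this example's own.

```python
import re

# Constructed excerpt: statements copied from the USER_1801 config in the post,
# trimmed to a few interfaces and one entry per ACL.
SAMPLE = """\
interface FastEthernet0.2
ip access-group 100 in
ip nat inside
interface FastEthernet0.4
interface FastEthernet0.100
ip policy route-map server-internet
interface Dialer0
ip access-group 109 in
ip nat outside
ip inspect SDM_MEDIUM out
ip http access-class 23
ip nat inside source list 1 pool xxx.xxx.xxx.9 overload
ip access-list extended server-internet-acl
permit ip 192.168.100.0 0.0.0.255 any
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 23 permit 192.168.2.0 0.0.0.255
access-list 100 permit ip any any
access-list 102 permit ip any any
access-list 109 deny ip any any log
access-list 125 permit ip 192.168.100.0 0.0.0.255 any
route-map server-internet permit 10
match ip address server-internet-acl
route-map user-internet permit 10
match ip address user-internet-acl
line vty 0 4
access-class 23 in
"""

def audit(config):
    """Cross-reference ACL and route-map names in a flattened IOS config."""
    acl_def, acl_use, rmap_def, rmap_use = set(), set(), set(), set()
    bindings, iface = {}, None
    # Indentation is lost in the post, so only interface-mode statements are bound to iface.
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"access-list (\S+) (?:permit|deny)\b", line):
            acl_def.add(m.group(1))
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            acl_def.add(m.group(1))
        elif m := re.match(r"route-map (\S+) (?:permit|deny)\b", line):
            rmap_def.add(m.group(1))
        elif m := re.match(r"ip policy route-map (\S+)", line):
            rmap_use.add(m.group(1))
            bindings.setdefault(iface, []).append(line)
        elif m := re.match(r"match ip address (.+)", line):
            acl_use.update(m.group(1).split())
        elif m := re.search(r"access-class (\S+)", line):
            acl_use.add(m.group(1))
        elif m := re.match(r"ip nat inside source list (\S+)", line):
            acl_use.add(m.group(1))
        elif m := re.match(r"ip access-group (\S+) (?:in|out)$", line):
            acl_use.add(m.group(1))
            bindings.setdefault(iface, []).append(line)
        elif re.fullmatch(r"ip nat (?:inside|outside)|ip inspect \S+ (?:in|out)", line):
            bindings.setdefault(iface, []).append(line)
    return {
        "bindings": bindings,
        "undefined_acls": sorted(acl_use - acl_def),
        "unused_acls": sorted(acl_def - acl_use),
        "unused_route_maps": sorted(rmap_def - rmap_use),
    }

if __name__ == "__main__":
    report = audit(SAMPLE)
    for name, lines in report["bindings"].items():
        print(f"{name}: {'; '.join(lines)}")
    for key in ("undefined_acls", "unused_acls", "unused_route_maps"):
        print(f"{key}: {report[key]}")
```

On the excerpt this reports user-internet-acl as referenced but never defined, access lists 102 and 125 as defined but never applied, and route-map user-internet as never bound to an interface.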
