1. Home
  2. Cisco Systems
  3. adding a pix to dual router setup

adding a pix to dual router setup

I am having some trouble adding a PIX 515E to my current setup. I have 2 DSL lines coming into 2 Cisco 1801's. One of my DSL lines handles my server traffic while the other line serves as an internet connection for my users. I have 12 vlans setup to handle all of the user traffic. My Server DSL has a PIX setup on it while my User DSL is using an IOS Firewall setup on the 1801. I am trying to add a PIX to the User DSL. I need to know what to change on the User 1801 to accomodate the new PIX. Here are my configs for the 1801's: If anyone needs any more info, let me know.

User 1801: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service sequence-numbers ! hostname USER_1801 ! boot-start-marker boot-end-marker ! logging buffered 4096 debugging ! no aaa new-model ! resource policy ! ! ! ip cef no ip dhcp use vrf connected ip dhcp excluded-address 192.168.2.1 192.168.2.9 ip dhcp excluded-address 192.168.3.1 192.168.3.9 ip dhcp excluded-address 192.168.4.1 192.168.4.9 ip dhcp excluded-address 192.168.5.1 192.168.5.9 ip dhcp excluded-address 192.168.6.1 192.168.6.9 ip dhcp excluded-address 192.168.7.1 192.168.7.9 ip dhcp excluded-address 192.168.8.1 192.168.8.9 ip dhcp excluded-address 192.168.9.1 192.168.9.9 ip dhcp excluded-address 192.168.10.1 192.168.10.9 ip dhcp excluded-address 192.168.11.1 192.168.11.9 ip dhcp excluded-address 192.168.15.1 192.168.15.9 ip dhcp excluded-address 192.168.20.1 192.168.20.9 ip dhcp excluded-address 192.168.21.1 192.168.21.9 ip dhcp excluded-address 192.168.100.1 192.168.100.9 ! ip dhcp pool vlanA network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ip dhcp pool vlanB network 192.168.3.0 255.255.255.0 default-router 192.168.3.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ip dhcp pool vlanC network 192.168.4.0 255.255.255.0 domain-name xxxx.xxx ! ip dhcp pool vlanD network 192.168.5.0 255.255.255.0 default-router 192.168.5.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ip dhcp pool vlanE network 192.168.6.0 255.255.255.0 default-router 192.168.6.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ip dhcp pool vlanF network 192.168.7.0 255.255.255.0 default-router 192.168.7.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ip dhcp pool vlanG network 192.168.8.0 255.255.255.0 default-router 192.168.8.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ip dhcp pool vlanH network 192.168.9.0 255.255.255.0 default-router 192.168.9.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ip dhcp pool vlanI network 192.168.10.0 255.255.255.0 default-router 192.168.10.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ip dhcp pool vlanJ network 192.168.15.0 255.255.255.0 default-router 192.168.15.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ip dhcp pool vlanK network 192.168.20.0 255.255.255.0 default-router 192.168.20.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ip dhcp pool vlanL network 192.168.21.0 255.255.255.0 default-router 192.168.21.1 dns-server xxx.xxx.132.23 xxx.xxx.37.23 domain-name xxxx.xxx ! ! ip domain name xxxx.xxx ip name-server 192.168.100.10 ip name-server xxx.xxx.132.23 ip name-server xxx.xxx.37.23 ip ssh time-out 60 ip ssh authentication-retries 5 ip inspect log drop-pkt ip inspect name SDM_MEDIUM appfw SDM_MEDIUM ip inspect name SDM_MEDIUM cuseeme ip inspect name SDM_MEDIUM dns ip inspect name SDM_MEDIUM ftp ip inspect name SDM_MEDIUM h323 ip inspect name SDM_MEDIUM https ip inspect name SDM_MEDIUM icmp ip inspect name SDM_MEDIUM imap reset ip inspect name SDM_MEDIUM pop3 reset ip inspect name SDM_MEDIUM netshow ip inspect name SDM_MEDIUM rcmd ip inspect name SDM_MEDIUM realaudio ip inspect name SDM_MEDIUM rtsp ip inspect name SDM_MEDIUM esmtp ip inspect name SDM_MEDIUM sqlnet ip inspect name SDM_MEDIUM streamworks ip inspect name SDM_MEDIUM tftp ip inspect name SDM_MEDIUM tcp ip inspect name SDM_MEDIUM udp ip inspect name SDM_MEDIUM vdolive ip igmp snooping vlan 1 mrouter learn cgmp ip igmp snooping vlan 2 mrouter learn cgmp ip igmp snooping vlan 5 mrouter learn cgmp ! appfw policy-name SDM_MEDIUM application http strict-http action allow alarm port-misuse p2p action reset alarm port-misuse tunneling action allow alarm ! ! ! ! class-map match-any sdm_p2p_kazaa match protocol fasttrack match protocol kazaa2 class-map match-any sdm_p2p_edonkey match protocol edonkey class-map match-any sdm_p2p_gnutella match protocol gnutella class-map match-any sdm_p2p_bittorrent match protocol bittorrent ! ! policy-map sdmappfwp2p_SDM_MEDIUM class sdm_p2p_gnutella class sdm_p2p_bittorrent class sdm_p2p_edonkey class sdm_p2p_kazaa ! ! ! ! ! ! interface FastEthernet0 no ip address duplex auto speed auto ! interface FastEthernet0.1 description vlanA Interface$ETH-LAN$ encapsulation dot1Q 1 native ip address 192.168.1.1 255.255.255.0 ip helper-address 192.168.2.255 ip helper-address 192.168.5.255 ip helper-address 192.168.4.255 ip helper-address 192.168.6.255 ip helper-address 192.168.11.255 ip helper-address 192.168.9.255 ip helper-address 192.168.100.1 ip directed-broadcast no snmp trap link-status no cdp enable ! interface FastEthernet0.2 description vlanB LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 2 ip address 192.168.2.1 255.255.255.0 ip access-group 100 in ip directed-broadcast ip nbar protocol-discovery ip nat inside ip virtual-reassembly no snmp trap link-status no cdp enable ! interface FastEthernet0.3 description vlanC LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 3 ip address 192.168.3.1 255.255.255.0 ip access-group 101 in ip nat inside ip virtual-reassembly no snmp trap link-status no cdp enable ! interface FastEthernet0.4 description vlanD LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 4 ip address 192.168.4.1 255.255.255.0 ip directed-broadcast no snmp trap link-status no cdp enable ! interface FastEthernet0.5 description vlanD LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 5 ip address 192.168.5.1 255.255.255.0 ip access-group 103 in ip directed-broadcast ip nbar protocol-discovery ip nat inside ip virtual-reassembly no snmp trap link-status no cdp enable ! interface FastEthernet0.6 description vlanE LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 6 ip address 192.168.6.1 255.255.255.0 ip access-group 104 in ip directed-broadcast ip nat inside ip virtual-reassembly no snmp trap link-status no cdp enable ! interface FastEthernet0.7 description vlanF LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 7 ip address 192.168.7.1 255.255.255.0 ip access-group 105 in ip nat inside ip virtual-reassembly no snmp trap link-status no cdp enable ! interface FastEthernet0.8 description vlanG LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 8 ip address 192.168.8.1 255.255.255.0 ip access-group 106 in ip nat inside ip virtual-reassembly no snmp trap link-status no cdp enable ! interface FastEthernet0.9 description vlanH LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 9 ip address 192.168.9.1 255.255.255.0 ip access-group 107 in ip directed-broadcast ip nat inside ip virtual-reassembly no snmp trap link-status no cdp enable ! interface FastEthernet0.10 description vlanI LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 10 ip address 192.168.10.1 255.255.255.0 ip access-group 108 in ip nat inside ip virtual-reassembly no snmp trap link-status no cdp enable interface FastEthernet0.15 description vlanJ LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 15 ip address 192.168.15.1 255.255.255.0 ip access-group 115 in ip directed-broadcast ip nbar protocol-discovery ip virtual-reassembly no snmp trap link-status no cdp enable ! interface FastEthernet0.20 description vlanK LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 20 ip address 192.168.20.1 255.255.255.0 ip access-group 120 in ip directed-broadcast ip nbar protocol-discovery ip virtual-reassembly no snmp trap link-status no cdp enable ! interface FastEthernet0.21 description vlanL LAN$FW_INSIDE$$ETH-LAN$ encapsulation dot1Q 21 ip address 192.168.21.1 255.255.255.0 ip access-group 121 in ip directed-broadcast ip nbar protocol-discovery ip virtual-reassembly no snmp trap link-status no cdp enable ! interface FastEthernet0.100 description Server LAN$ETH-LAN$ encapsulation dot1Q 100 ip address 192.168.100.1 255.255.255.0 ip helper-address 192.168.2.255 ip helper-address 192.168.5.255 ip helper-address 192.168.4.255 ip helper-address 192.168.6.255 ip helper-address 192.168.11.255 ip helper-address 192.168.9.255 ip directed-broadcast ip nbar protocol-discovery ip policy route-map server-internet no snmp trap link-status no cdp enable ! interface BRI0 no ip address encapsulation hdlc shutdown ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface ATM0 no ip address atm ilmi-keepalive pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! bundle-enable dsl operating-mode auto ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$ no ip address ! interface Dialer0 description $FW_OUTSIDE$ ip address negotiated ip access-group 109 in ip nbar protocol-discovery ip nat outside ip inspect SDM_MEDIUM out ip virtual-reassembly encapsulation ppp no ip route-cache cef dialer pool 1 no cdp enable service-policy input sdmappfwp2p_SDM_MEDIUM service-policy output sdmappfwp2p_SDM_MEDIUM ! ip forward-protocol udp 9998 ip forward-protocol udp 9999 ip forward-protocol udp 9997 ip forward-protocol udp 9996 ip forward-protocol udp 31314 ip forward-protocol udp 14200 ip forward-protocol udp 4096 ip route 0.0.0.0 0.0.0.0 Dialer0 ip route 192.168.11.0 255.255.255.0 192.168.100.2 ! ip flow-top-talkers top 20 sort-by bytes ! ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat pool xxx.xxx.xxx.9 xxx.xxx.xxx.9 xxx.xxx.xxx.9 netmask

255.255.255.248 ip nat inside source list 1 pool xxx.xxx.xxx.9 overload ! ip access-list extended server-internet-acl deny ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 192.168.2.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 192.168.3.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 192.168.5.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 192.168.6.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 192.168.7.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 192.168.8.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 192.168.9.0 0.0.0.255 deny ip 192.168.100.0 0.0.0.255 192.168.10.0 0.0.0.255 permit ip 192.168.100.0 0.0.0.255 any ! ! access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.2.0 0.0.0.255 access-list 1 permit 192.168.3.0 0.0.0.255 access-list 1 permit 192.168.4.0 0.0.0.255 access-list 1 permit 192.168.5.0 0.0.0.255 access-list 1 permit 192.168.6.0 0.0.0.255 access-list 1 permit 192.168.7.0 0.0.0.255 access-list 1 permit 192.168.8.0 0.0.0.255 access-list 1 permit 192.168.9.0 0.0.0.255 access-list 1 permit 192.168.10.0 0.0.0.255 access-list 1 permit 192.168.15.0 0.0.0.255 access-list 1 permit 192.168.20.0 0.0.0.255 access-list 1 permit 192.168.21.0 0.0.0.255 access-list 23 permit 192.168.2.0 0.0.0.255 access-list 100 remark auto generated by SDM firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 deny ip 192.168.10.0 0.0.0.255 any access-list 100 deny ip 192.168.9.0 0.0.0.255 any access-list 100 deny ip 192.168.8.0 0.0.0.255 any access-list 100 deny ip 192.168.7.0 0.0.0.255 any access-list 100 deny ip 192.168.6.0 0.0.0.255 any access-list 100 deny ip 192.168.5.0 0.0.0.255 any access-list 100 deny ip 192.168.4.0 0.0.0.255 any access-list 100 deny ip 192.168.3.0 0.0.0.255 any access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 remark auto generated by SDM firewall configuration access-list 101 remark SDM_ACL Category=1 access-list 101 deny ip 192.168.10.0 0.0.0.255 any access-list 101 deny ip 192.168.9.0 0.0.0.255 any access-list 101 deny ip 192.168.8.0 0.0.0.255 any access-list 101 deny ip 192.168.7.0 0.0.0.255 any access-list 101 deny ip 192.168.6.0 0.0.0.255 any access-list 101 deny ip 192.168.5.0 0.0.0.255 any access-list 101 deny ip 192.168.4.0 0.0.0.255 any access-list 101 deny ip 192.168.2.0 0.0.0.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 permit ip any any access-list 102 remark auto generated by SDM firewall configuration access-list 102 remark SDM_ACL Category=1 access-list 102 deny ip 192.168.10.0 0.0.0.255 any access-list 102 deny ip 192.168.9.0 0.0.0.255 any access-list 102 deny ip 192.168.8.0 0.0.0.255 any access-list 102 deny ip 192.168.7.0 0.0.0.255 any access-list 102 deny ip 192.168.6.0 0.0.0.255 any access-list 102 deny ip 192.168.5.0 0.0.0.255 any access-list 102 deny ip 192.168.3.0 0.0.0.255 any access-list 102 deny ip 192.168.2.0 0.0.0.255 any access-list 102 deny ip host 255.255.255.255 any access-list 102 deny ip 127.0.0.0 0.255.255.255 any access-list 102 permit ip any any access-list 103 remark auto generated by SDM firewall configuration access-list 103 remark SDM_ACL Category=1 access-list 103 deny ip 192.168.10.0 0.0.0.255 any access-list 103 deny ip 192.168.9.0 0.0.0.255 any access-list 103 deny ip 192.168.8.0 0.0.0.255 any access-list 103 deny ip 192.168.7.0 0.0.0.255 any access-list 103 deny ip 192.168.6.0 0.0.0.255 any access-list 103 deny ip 192.168.4.0 0.0.0.255 any access-list 103 deny ip 192.168.3.0 0.0.0.255 any access-list 103 deny ip 192.168.2.0 0.0.0.255 any access-list 103 deny ip host 255.255.255.255 any access-list 103 deny ip 127.0.0.0 0.255.255.255 any access-list 103 permit ip any any access-list 104 remark auto generated by SDM firewall configuration access-list 104 remark SDM_ACL Category=1 access-list 104 deny ip 192.168.10.0 0.0.0.255 any access-list 104 deny ip 192.168.9.0 0.0.0.255 any access-list 104 deny ip 192.168.8.0 0.0.0.255 any access-list 104 deny ip 192.168.7.0 0.0.0.255 any access-list 104 deny ip 192.168.5.0 0.0.0.255 any access-list 104 deny ip 192.168.4.0 0.0.0.255 any access-list 104 deny ip 192.168.3.0 0.0.0.255 any access-list 104 deny ip 192.168.2.0 0.0.0.255 any access-list 104 deny ip host 255.255.255.255 any access-list 104 deny ip 127.0.0.0 0.255.255.255 any access-list 104 permit ip any any access-list 105 remark auto generated by SDM firewall configuration access-list 105 remark SDM_ACL Category=1 access-list 105 deny ip 192.168.10.0 0.0.0.255 any access-list 105 deny ip 192.168.9.0 0.0.0.255 any access-list 105 deny ip 192.168.8.0 0.0.0.255 any access-list 105 deny ip 192.168.6.0 0.0.0.255 any access-list 105 deny ip 192.168.5.0 0.0.0.255 any access-list 105 deny ip 192.168.4.0 0.0.0.255 any access-list 105 deny ip 192.168.3.0 0.0.0.255 any access-list 105 deny ip 192.168.2.0 0.0.0.255 any access-list 105 deny ip host 255.255.255.255 any access-list 105 deny ip 127.0.0.0 0.255.255.255 any access-list 105 permit ip any any access-list 106 remark auto generated by SDM firewall configuration access-list 106 remark SDM_ACL Category=1 access-list 106 deny ip 192.168.10.0 0.0.0.255 any access-list 106 deny ip 192.168.9.0 0.0.0.255 any access-list 106 deny ip 192.168.7.0 0.0.0.255 any access-list 106 deny ip 192.168.6.0 0.0.0.255 any access-list 106 deny ip 192.168.5.0 0.0.0.255 any access-list 106 deny ip 192.168.4.0 0.0.0.255 any access-list 106 deny ip 192.168.3.0 0.0.0.255 any access-list 106 deny ip 192.168.2.0 0.0.0.255 any access-list 106 deny ip host 255.255.255.255 any access-list 106 deny ip 127.0.0.0 0.255.255.255 any access-list 106 permit ip any any access-list 107 remark auto generated by SDM firewall configuration access-list 107 remark SDM_ACL Category=1 access-list 107 deny ip 192.168.10.0 0.0.0.255 any access-list 107 deny ip 192.168.8.0 0.0.0.255 any access-list 107 deny ip 192.168.7.0 0.0.0.255 any access-list 107 deny ip 192.168.6.0 0.0.0.255 any access-list 107 deny ip 192.168.5.0 0.0.0.255 any access-list 107 deny ip 192.168.4.0 0.0.0.255 any access-list 107 deny ip 192.168.3.0 0.0.0.255 any access-list 107 deny ip 192.168.2.0 0.0.0.255 any access-list 107 deny ip host 255.255.255.255 any access-list 107 deny ip 127.0.0.0 0.255.255.255 any access-list 107 permit ip any any access-list 108 remark auto generated by SDM firewall configuration access-list 108 remark SDM_ACL Category=1 access-list 108 deny ip 192.168.9.0 0.0.0.255 any access-list 108 deny ip 192.168.8.0 0.0.0.255 any access-list 108 deny ip 192.168.7.0 0.0.0.255 any access-list 108 deny ip 192.168.6.0 0.0.0.255 any access-list 108 deny ip 192.168.5.0 0.0.0.255 any access-list 108 deny ip 192.168.4.0 0.0.0.255 any access-list 108 deny ip 192.168.3.0 0.0.0.255 any access-list 108 deny ip 192.168.2.0 0.0.0.255 any access-list 108 deny ip host 255.255.255.255 any access-list 108 deny ip 127.0.0.0 0.255.255.255 any access-list 108 permit ip any any access-list 109 remark auto generated by SDM firewall configuration access-list 109 remark SDM_ACL Category=1 access-list 109 deny ip 192.168.10.0 0.0.0.255 any access-list 109 deny ip 192.168.9.0 0.0.0.255 any access-list 109 deny ip 192.168.8.0 0.0.0.255 any access-list 109 deny ip 192.168.7.0 0.0.0.255 any access-list 109 deny ip 192.168.6.0 0.0.0.255 any access-list 109 deny ip 192.168.5.0 0.0.0.255 any access-list 109 deny ip 192.168.4.0 0.0.0.255 any access-list 109 deny ip 192.168.3.0 0.0.0.255 any access-list 109 deny ip 192.168.2.0 0.0.0.255 any access-list 109 permit icmp any any echo-reply access-list 109 permit icmp any any time-exceeded access-list 109 permit icmp any any unreachable access-list 109 deny ip 10.0.0.0 0.255.255.255 any access-list 109 deny ip 172.16.0.0 0.15.255.255 any access-list 109 deny ip 192.168.0.0 0.0.255.255 any access-list 109 deny ip 127.0.0.0 0.255.255.255 any access-list 109 deny ip host 255.255.255.255 any access-list 109 deny ip host 0.0.0.0 any access-list 109 deny ip any any log access-list 115 remark auto generated by SDM firewall configuration access-list 115 remark SDM_ACL Category=1 access-list 115 deny ip 192.168.21.0 0.0.0.255 any access-list 115 deny ip 192.168.20.0 0.0.0.255 any access-list 115 deny ip 192.168.10.0 0.0.0.255 any access-list 115 deny ip 192.168.9.0 0.0.0.255 any access-list 115 deny ip 192.168.8.0 0.0.0.255 any access-list 115 deny ip 192.168.7.0 0.0.0.255 any access-list 115 deny ip 192.168.6.0 0.0.0.255 any access-list 115 deny ip 192.168.5.0 0.0.0.255 any access-list 115 deny ip 192.168.4.0 0.0.0.255 any access-list 115 deny ip 192.168.3.0 0.0.0.255 any access-list 115 deny ip 192.168.2.0 0.0.0.255 any access-list 115 deny ip host 255.255.255.255 any access-list 115 deny ip 127.0.0.0 0.255.255.255 any access-list 115 permit ip any any access-list 120 remark auto generated by SDM firewall configuration access-list 120 remark SDM_ACL Category=1 access-list 120 deny ip 192.168.21.0 0.0.0.255 any access-list 120 deny ip 192.168.15.0 0.0.0.255 any access-list 120 deny ip 192.168.10.0 0.0.0.255 any access-list 120 deny ip 192.168.9.0 0.0.0.255 any access-list 120 deny ip 192.168.8.0 0.0.0.255 any access-list 120 deny ip 192.168.7.0 0.0.0.255 any access-list 120 deny ip 192.168.6.0 0.0.0.255 any access-list 120 deny ip 192.168.5.0 0.0.0.255 any access-list 120 deny ip 192.168.4.0 0.0.0.255 any access-list 120 deny ip 192.168.3.0 0.0.0.255 any access-list 120 deny ip 192.168.2.0 0.0.0.255 any access-list 120 deny ip host 255.255.255.255 any access-list 120 deny ip 127.0.0.0 0.255.255.255 any access-list 120 permit ip any any access-list 121 remark auto generated by SDM firewall configuration access-list 121 remark SDM_ACL Category=1 access-list 121 deny ip 192.168.20.0 0.0.0.255 any access-list 121 deny ip 192.168.15.0 0.0.0.255 any access-list 121 deny ip 192.168.10.0 0.0.0.255 any access-list 121 deny ip 192.168.9.0 0.0.0.255 any access-list 121 deny ip 192.168.8.0 0.0.0.255 any access-list 121 deny ip 192.168.7.0 0.0.0.255 any access-list 121 deny ip 192.168.6.0 0.0.0.255 any access-list 121 deny ip 192.168.5.0 0.0.0.255 any access-list 121 deny ip 192.168.4.0 0.0.0.255 any access-list 121 deny ip 192.168.3.0 0.0.0.255 any access-list 121 deny ip 192.168.2.0 0.0.0.255 any access-list 121 deny ip host 255.255.255.255 any access-list 121 deny ip 127.0.0.0 0.255.255.255 any access-list 121 permit ip any any access-list 125 deny ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255 access-list 125 permit ip 192.168.100.0 0.0.0.255 any no cdp run ! ! ! route-map server-internet permit 10 match ip address server-internet-acl set ip next-hop 192.168.100.2 ! route-map user-internet permit 10 match ip address user-internet-acl set ip next-hop 192.168.1.5 ! ! ! control-plane ! ! line con 0 logging synchronous login local line aux 0 line vty 0 4 access-class 23 in privilege level 15 logging synchronous login local transport input telnet ssh line vty 5 15 access-class 23 in privilege level 15 login local transport input telnet ssh ! ! webvpn context Default_context ssl authenticate verify all ! no inservice ! end

Server 1801: ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname SERVER_1801 ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings ! no aaa new-model ! resource policy ! ! ! ip cef ! ! no ip domain lookup ip domain name yourdomain.com ! ! ! ! ! ! ! interface FastEthernet0 no ip address shutdown duplex auto speed auto ! interface BRI0 no ip address encapsulation hdlc shutdown ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface ATM0 no ip address atm ilmi-keepalive pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! bundle-enable dsl operating-mode auto ! interface Vlan1 ip address xxx.xxx.xxx.241 255.255.255.248 ip tcp adjust-mss 1452 ! interface Dialer0 ip address negotiated encapsulation ppp dialer pool 1 no cdp enable ! ip route 0.0.0.0 0.0.0.0 Dialer0 ! ! ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! access-list 23 permit xxx.xxx.xxx.240 0.0.0.7 no cdp run ! ! ! ! ! ! control-plane ! ! line con 0 login local line aux 0 line vty 0 4 access-class 23 in privilege level 15 login local transport input telnet ssh line vty 5 15 access-class 23 in privilege level 15 login local transport input telnet ssh ! ! webvpn context Default_context ssl authenticate verify all ! no inservice ! end

Reply to
jleleux
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.