Cisco 7604 Configuration Guide - Page 176
interface, route-map, access-list, redistribute connected, redistribute static, Step 4
View all Cisco 7604 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 176 highlights
Configuring Route Health Injection Chapter 8 Configuring IP Routing and DHCP Services Step 4 Step 5 To inject connected routes, enter the following command: hostname(config-route-inject)# redistribute connected [route-map map_name | access-list acl_id] interface interface_name where the interface interface_name argument specifies the FWSM interface; this interface IP address is used as the next-hop IP address in the routes that are injected. By default, all connected routes are injected. If you want to limit the routes injected, you can specify the route-map or access-list argument; only matching addresses are injected. You can enter only one redistribute connected command. To inject static routes, enter the following command: hostname(config-route-inject)# redistribute static [route-map map_name | access-list acl_id] interface interface_name where the interface interface_name argument specifies the FWSM interface; this interface IP address is used as the next-hop IP address in the routes that are injected. By default, all static routes are injected. If you want to limit the routes injected, you can specify the route-map or access-list argument; only matching addresses are injected. You can enter only one redistribute static command. The following example injects NAT addresses that match access list acl1; 209.165.201.0/30 is injected with a nexthop of 209.165.200.225 (the active IP address of the outside interface) on VLAN 20. The 209.165.201.10 through .16 addresses are not injected. hostname(config)# interface vlan20 hostname(config-if)# nameif outside hostname(config-if)# ip address 209.165.200.225 255.255.255.224 standby 209.165.200.226 hostname(config-if)# exit hostname(config)# access-list acl1 standard permit 209.165.201.0 255.255.255.252 hostname(config)# global (outside) 10 209.165.201.1-209.165.201.2 netmask 255.255.255.0 hostname(config)# global (outside) 10 209.165.201.10-209.165.201.16 netmask 255.255.255.0 hostname(config)# route-inject hostname(config-route-inject)# redistribute nat access-list acl1 interface outside The following example injects 209.165.202.129 through .131 and 209.165.202.140 through .146 with a nexthop 209.165.200.250 on VLAN 20. The global pools on the dmz interface, and the global pool 20 on the outside interface are not included. hostname(config)# interface vlan20 hostname(config-if)# nameif outside hostname(config-if)# ip address 209.165.200.250 255.255.255.224 standby 209.165.200.251 hostname(config-if)# exit hostname(config)# global (dmz) 10 209.165.201.1-209.165.201.10 netmask 255.255.255.0 hostname(config)# global (outside) 10 209.165.202.129-209.165.202.131 netmask 255.255.255.0 hostname(config)# global (outside) 10 209.165.202.140-209.165.202.146 netmask 255.255.255.0 hostname(config)# global (outside) 20 209.165.202.150-209.165.202.155 netmask 255.255.255.0 hostname(config)# route-inject hostname(config-route-inject)# redistribute nat global-pool 10 interface outside 8-34 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01