Cisco 7604 Configuration Guide - Page 635
Department 1 Context Configuration (Example 3)
Appendix B Sample Configurations
Routed Mode Sample Configurations

access-list SHARED remark -but allows the admin host to access any server.
access-list SHARED extended permit ip host 10.1.1.78 any
access-list SHARED extended permit tcp host 10.1.1.30 host 10.1.1.7 eq smtp
! Note that the translated addresses are used.
access-group SHARED out interface shared
! Allows 10.1.0.15 to access the admin context using Telnet. From the admin context, you
! can access all other contexts.
telnet 10.1.0.15 255.255.255.255 inside
aaa-server AAA-SERVER protocol tacacs+
aaa-server AAA-SERVER (shared) host 10.1.1.6 key TheUauthKey server-port 16
! The host at 10.1.0.15 must authenticate with the AAA server to log in
aaa authentication telnet console AAA-SERVER
logging trap 6
! System log messages are sent to the syslog server on the Shared network
logging host shared 10.1.1.8
logging on

Department 1 Context Configuration (Example 3)

To change to a context configuration, enter the changeto context name command. To change back to the system, enter changeto system.

interface vlan 200
  nameif outside
  security-level 0
  ip address 209.165.201.4 255.255.255.224
interface vlan 202
  nameif inside
  security-level 100
  ip address 10.1.2.1 255.255.255.0
interface vlan 300
  nameif shared
  security-level 50
  ip address 10.1.1.2 255.255.255.0
passwd cugel
enable password rhialto
nat (inside) 1 10.1.2.0 255.255.255.0
! The inside network uses PAT when accessing the outside
global (outside) 1 209.165.201.8 netmask 255.255.255.255
! The inside network uses dynamic NAT when accessing the shared network
global (shared) 1 10.1.1.31-10.1.1.37
! The web server can be accessed from outside and requires a static translation
static (inside,outside) 209.165.201.9 10.1.2.3 netmask 255.255.255.255
access-list INTERNET remark -Allows all inside hosts to access the outside
access-list INTERNET remark -and shared network for any IP traffic
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside
access-list WEBSERVER remark -Allows the management host (its translated address) on the
access-list WEBSERVER remark -admin context to access the web server for management
access-list WEBSERVER remark -it can use any IP protocol
access-list WEBSERVER extended permit ip host 209.165.201.7 host 209.165.201.9
access-list WEBSERVER remark -Allows any outside address to access the web server
access-list WEBSERVER extended permit tcp any eq http host 209.165.201.9 eq http
access-group WEBSERVER in interface outside
access-list MAIL remark -Allows only mail traffic from inside to exit out the shared int
! Note that the translated addresses are used.
access-list MAIL extended permit tcp host 10.1.1.31 eq smtp host 10.1.1.7 eq smtp
access-list MAIL extended permit tcp host 10.1.1.32 eq smtp host 10.1.1.7 eq smtp
access-list MAIL extended permit tcp host 10.1.1.33 eq smtp host 10.1.1.7 eq smtp

OL-20748-01 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM B-11
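The comment "Note that the translated addresses are used" is the easy thing to get wrong in this sample: an access list evaluated where NAT has already been applied (the MAIL list toward the shared network) must name the mapped addresses from the global pool, not the real inside addresses. The script below is an added example, not Cisco's code or part of the manual: it parses the global, static and access-list lines of this context and reports any MAIL entry whose source host is not a translated address; the excerpt is constructed from this page with one deliberately wrong entry (host 10.1.2.5, a real inside address) added to show what the check catches.

```python
import ipaddress
import re

# Constructed excerpt of the Department 1 context on this page, plus one
# deliberately wrong ACE (real inside host 10.1.2.5) that the check should flag.
CONFIG = """\
global (outside) 1 209.165.201.8 netmask 255.255.255.255
global (shared) 1 10.1.1.31-10.1.1.37
static (inside,outside) 209.165.201.9 10.1.2.3 netmask 255.255.255.255
access-list MAIL extended permit tcp host 10.1.1.31 eq smtp host 10.1.1.7 eq smtp
access-list MAIL extended permit tcp host 10.1.1.32 eq smtp host 10.1.1.7 eq smtp
access-list MAIL extended permit tcp host 10.1.1.33 eq smtp host 10.1.1.7 eq smtp
access-list MAIL extended permit tcp host 10.1.2.5 eq smtp host 10.1.1.7 eq smtp
"""

# 'global (iface) id A-B' (dynamic NAT pool) or 'global (iface) id A netmask M' (PAT)
GLOBAL_RE = re.compile(r"global \(\S+\) \d+ (\S+?)(?:-(\S+))?(?: netmask \S+)?$")
# 'static (real_if,mapped_if) MAPPED REAL ...'
STATIC_RE = re.compile(r"static \(\S+,\S+\) (\S+) (\S+)")


def translated_addresses(config):
    """Addresses the firewall presents after NAT: every address of a dynamic
    global pool (or the single PAT address) and the mapped address of each static."""
    addrs = set()
    for line in config.splitlines():
        m = GLOBAL_RE.match(line)
        if m:
            lo = int(ipaddress.IPv4Address(m.group(1)))
            hi = int(ipaddress.IPv4Address(m.group(2) or m.group(1)))
            addrs.update(str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1))
        m = STATIC_RE.match(line)
        if m:
            addrs.add(m.group(1))
    return addrs


def untranslated_sources(config, acl_name):
    """Source hosts in the named ACL that are not translated addresses; such
    entries can never match once the traffic has been NATed to the pool."""
    translated = translated_addresses(config)
    ace_re = re.compile(rf"access-list {acl_name} extended permit \S+ host (\S+)")
    return [m.group(1) for m in map(ace_re.match, config.splitlines())
            if m and m.group(1) not in translated]


if __name__ == "__main__":
    print(sorted(translated_addresses(CONFIG)))
    print(untranslated_sources(CONFIG, "MAIL"))  # ['10.1.2.5']
```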