B-4
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Appendix B Sample Configurations
Example 1: Multiple Mode Firewall With Outside Access
Example 1: Admin Context Configuration
The host at 10.1.1.75 can access the context using SSH, which requires a key to be generated using the
crypto key generate command.
hostname Admin
domain isp
interface gigabitethernet 0/0.3
nameif outside
security-level 0
ip address 209.165.201.2 255.255.255.224
no shutdown
interface gigabitethernet 0/1.4
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0
no shutdown
passwd secret1969
enable password h1andl0
route outside 0 0 209.165.201.1 1
ssh 10.1.1.75 255.255.255.255 inside
nat (inside) 1 10.1.1.0 255.255.255.0
! This context uses dynamic NAT for inside users that access the outside
global (outside) 1 209.165.201.10-209.165.201.29
! The host at 10.1.1.75 has access to the Websense server in Customer C, so
! it needs a static translation for use in Customer C’s access list
static (inside,outside) 209.165.201.30 10.1.1.75 netmask 255.255.255.255
Example 1: Customer A Context Configuration
interface gigabitethernet 0/0.3
nameif outside
security-level 0
ip address 209.165.201.3 255.255.255.224
no shutdown
interface gigabitethernet 0/1.5
nameif inside
security-level 100
ip address 10.1.2.1 255.255.255.0
no shutdown
passwd hell0!
enable password enter55
route outside 0 0 209.165.201.1 1
! The Customer A context has a second network behind an inside router that requires a
! static route. All other traffic is handled by the default route pointing to the router.
route inside 192.168.1.0 255.255.255.0 10.1.2.2 1
nat (inside) 1 10.1.2.0 255.255.255.0
! This context uses dynamic PAT for inside users that access that outside. The outside
! interface address is used for the PAT address
global (outside) 1 interface
Example 1: Customer B Context Configuration
interface gigabitethernet 0/0.3
nameif outside
security-level 0
ip address 209.165.201.4 255.255.255.224
To Next Page
Loading...
Need help?
General