B-12
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Appendix B Sample Configurations
Example 4: Multiple Mode, Transparent Firewall with Outside Access
global (shared) 1 10.1.1.38
access-list MAIL remark -Allows only mail traffic from inside to exit out the shared int
access-list MAIL extended permit tcp host 10.1.1.38 host 10.1.1.7 eq smtp
! Note that the translated PAT address is used.
access-group MAIL out interface shared
logging trap 3
! System messages are sent to the syslog server on the Shared network
logging host shared 10.1.1.8
logging enable
Example 4: Multiple Mode, Transparent Firewall with Outside
Access
This configuration creates three security contexts plus the admin context. Each context allows OSPF
traffic to pass between the inside and outside routers (see Figure B-4).
Inside hosts can access the Internet through the outside, but no outside hosts can access the inside.
An out-of-band management host is connected to the Management 0/0 interface.
The admin context allows SSH sessions to the security appliance from one host.
Although inside IP addresses can be the same across contexts, keeping them unique is easier to manage.
To Next Page
Loading...
Need help?
General