Untitled

By: a guest on Jun 15th, 2010  |  syntax: None  |  size: 2.37 KB  |  hits: 105  |  expires: Never
! match-all requires every match statement to be true for the same packet.
! A packet belongs to one protocol, so a match-all class that lists several
! protocols matches nothing; match-any is the form that matches any of them.
class-map type inspect match-all INSIDE_OUTSIDE
 match protocol http
 match protocol ftp
 match protocol icmp
 match protocol dns
 match protocol ssh
class-map type inspect match-all RIP
 match access-group 110
class-map type inspect match-all OUTSIDE_DMZ
 match protocol ftp
 match protocol http
 match protocol dns
!
!
! class-default has no action configured, so unmatched traffic is dropped.
policy-map type inspect INSIDE_OUTSIDE
 class type inspect INSIDE_OUTSIDE
  inspect
 class type inspect RIP
  pass
 class class-default
policy-map type inspect OUTSIDE_DMZ
 class type inspect OUTSIDE_DMZ
  inspect
 class type inspect RIP
  pass
 class class-default
!
zone security INSIDE
zone security DMZ
zone security OUTSIDE
zone-pair security INSIDE_OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE_OUTSIDE
zone-pair security OUTSIDE_DMZ source OUTSIDE destination DMZ
 service-policy type inspect OUTSIDE_DMZ
bridge irb

!
!
interface FastEthernet0/0
 no ip address
 zone-member security INSIDE
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 input-type-list 202
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.23
 encapsulation dot1Q 23
 ip access-group OUTSIDE_DMZ in
 zone-member security OUTSIDE
 bridge-group 1
 bridge-group 1 input-type-list 202
!
interface FastEthernet0/1.100
 encapsulation dot1Q 100
 ip access-group DMZ_ANY in
 zone-member security DMZ
 bridge-group 1
 bridge-group 1 input-type-list 202
!
interface Serial1/0
 no ip address
 shutdown
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 no ip address
 shutdown
!
interface Serial1/3
 no ip address
 shutdown
!
interface BVI1
 ip address 10.0.0.3 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
! DMZ_ANY is applied inbound on FastEthernet0/1.100 and denies (and logs) all IP
! arriving from the DMZ.
ip access-list extended DMZ_ANY
 deny   ip any any log
ip access-list extended OUTSIDE_DMZ
 permit ip any host 10.0.0.100
ip access-list extended test
 permit ip any any
!
access-list 110 permit udp any any eq rip
access-list 111 permit ip any host 10.0.0.100
! Entries are evaluated in order. The first entry (mask 0xFFFF) permits every
! EtherType, so the deny for 0x86DD (IPv6) below it is never reached.
access-list 202 permit 0x0000 0xFFFF
access-list 202 deny   0x86DD 0x0000
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
! exec-timeout 0 0 disables the idle timeout, and privilege level 15 gives
! full privilege on the console and aux lines. The vty lines use a cleartext
! line password.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
line vty 0 4
 password cisco
 login
!
!
end