Routed Mode Sample Configurations
passwd secret1969
enable password h1andl0
route outside 0 0 209.165.201.1 1
ssh 10.1.1.75 255.255.255.255 inside
nat (inside) 1 10.1.1.0 255.255.255.0
! This context uses dynamic NAT for inside users that access the outside
global (outside) 1 209.165.201.10-209.165.201.29
! The host at 10.1.1.75 has access to the Websense server in Customer C, and
! it needs a static translation for use in Customer C's access list
static (inside,outside) 209.165.201.30 10.1.1.75 netmask 255.255.255.255
access-list INTERNET remark -Allows inside hosts to access the outside for any IP traffic
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside
Customer A Context Configuration (Example 1)
To change to a context configuration, enter the changeto context name command. To change back to the
system, enter changeto system.
interface vlan 3
interface vlan 5
passwd hell0!
enable password enter55
route outside 0 0 209.165.201.1 1
! The Customer A context has a second network behind an inside router that requires a
! static route. All other traffic is handled by the default route pointing to the router.
route inside 192.168.1.0 255.255.255.0 10.1.2.2 1
nat (inside) 1 10.1.2.0 255.255.255.0
! This context uses dynamic PAT for inside users that access that outside. The outside
! interface address is used for the PAT address
global (outside) 1 interface
access-list INTERNET remark -Allows inside hosts to access the outside for any IP traffic
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside
Customer B Context Configuration (Example 1)
To change to a context configuration, enter the changeto context name command. To change back to the
system, enter changeto system.
interface vlan 3
interface vlan 6
passwd tenac10us
enable password defen$e
route outside 0 0 209.165.201.1 1
nat (inside) 1 10.1.3.0 255.255.255.0
! This context uses dynamic PAT for inside users that access the outside
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
B-4
nameif outside
security-level 0
ip address 209.165.201.3 255.255.255.224
nameif inside
security-level 100
ip address 10.1.2.1 255.255.255.0
nameif outside
security-level 0
ip address 209.165.201.4 255.255.255.224
nameif inside
security-level 100
ip address 10.1.3.1 255.255.255.0
Appendix B
Sample Configurations
OL-20748-01