Transparent Mode Sample Configurations
route outside 0.0.0.0 0.0.0.0 10.142.10.1 1
access-list INTERNET remark -Allows all inside IPv4 hosts to access the outside
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside
ipv6 route outside ::/0 2001:400:3:1::1
ipv6 access-list IPV6INTERNET permit ip any any
access-group IPV6INTERNET in interface inside
ipv6 access-list OUTACL permit icmp6 2001:400:2:1::/64 2001:400:1:1::/64
ipv6 access-list OUTACL permit tcp 2001:400:2:1::/64 2001:400:1:1::/64 eq telnet
ipv6 access-list OUTACL permit tcp 2001:400:2:1::/64 2001:400:1:1::/64 eq ftp
ipv6 access-list OUTACL permit tcp 2001:400:2:1::/64 2001:400:1:1::/64 eq www
access-group OUTACL in interface outside
Transparent Mode Sample Configurations
This section includes the following topics:
• Example 5: Multiple Mode, Transparent Firewall with Outside Access Example
Example 5: Multiple Mode, Transparent Firewall with Outside Access Example
The following configuration creates three security contexts plus the admin context. Each context allows
OSPF traffic to pass between the inside and outside routers (see Figure B-5).
Also, DHCP packets can pass through the transparent firewall, because the transparent firewall does not
support the DHCP relay feature.
Inside hosts can access the Internet through the outside, but no outside hosts can access the inside.
The admin context allows SSH sessions to the FWSM from one host. It also uses ARP inspection to
prevent IP spoofing of the upstream and downstream routers.
Each customer context belongs to a class that limits its resources (gold, silver, or bronze).
Although inside IP addresses can be the same across contexts, keeping them unique is easier to manage.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
Appendix B
Sample Configurations
OL-20748-01
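The admin-context properties described for Example 5 (SSH from one host, ARP inspection on the router-facing interfaces, no general access from outside) can be checked mechanically. The following is an added example, not part of the Cisco guide: the configuration text, its addresses, MAC values and ACL names are constructed, and the `audit` function is a hypothetical helper.

```python
import re

# Constructed admin-context configuration (not taken from the guide).
SAMPLE = """\
interface vlan 150
 nameif outside
 security-level 0
interface vlan 4
 nameif inside
 security-level 100
ssh 10.1.1.75 255.255.255.255 inside
arp outside 10.1.1.2 0009.7cbe.2100
arp inside 10.1.1.3 0009.7cbe.1000
arp-inspection inside enable
arp-inspection outside enable
access-list INTERNET extended permit ip any any
access-group INTERNET in interface inside
access-list RETURN extended permit 89 any any
access-list RETURN extended permit udp any any eq 68
access-group RETURN in interface outside
"""

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    ifaces = [l.split()[1] for l in lines if l.startswith("nameif ")]
    # SSH management should be allowed from exactly one host (/32 mask).
    ssh = [l.split() for l in lines if re.match(r"ssh \d", l)]
    if len(ssh) != 1 or ssh[0][2] != "255.255.255.255":
        findings.append("ssh: not restricted to a single host")
    # ARP inspection compares ARP packets with static ARP entries, so each
    # named interface needs the inspection command and a static entry.
    for name in ifaces:
        if not any(l.startswith(f"arp-inspection {name} enable") for l in lines):
            findings.append(f"arp-inspection: disabled on {name}")
        if not any(l.startswith(f"arp {name} ") for l in lines):
            findings.append(f"arp: no static entry on {name}")
    # ACLs applied inbound on the outside interface must not permit general IP.
    bound = {m.group(1) for l in lines
             if (m := re.match(r"access-group (\S+) in interface outside$", l))}
    for l in lines:
        p = l.split()
        if (l.startswith("access-list") and p[1] in bound
                and p[2:5] == ["extended", "permit", "ip"]):
            findings.append(f"outside ACL {p[1]} permits ip")
    return findings
```
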