Static
To send all traffic to 192.168.0.1 out the outside interface.
To send any traffic in 10.0.1.0/24 to 10.0.0.1 out the inside interface
Allow RIP updates to be received on the outside interface with a key of cisco and id of 2.
Pass RIP updates out the inside interface
To configure OSPF with the standard 3 interfaces (inside,outside,DMZ)
(config-router)area 0 filter-list prefix testlist
(config)#prefix-list testlist deny 10.0.0.0/16
(config)#perfix-list testlist permit 172.16.0.0/16
To send all traffic to 192.168.0.1 out the outside interface.
To send any traffic in 10.0.1.0/24 to 10.0.0.1 out the inside interface
(config)#Route outside 0 0 192.168.0.1RIP
(config)#Route inside 10.0.1.0 255.255.255.0 10.0.0.1
Allow RIP updates to be received on the outside interface with a key of cisco and id of 2.
Pass RIP updates out the inside interface
(config)#rip outside passive version 2 authentication md5 cisco 2Allow RIP v2 passive on the the outside and dmz interface and Allow RIP v1 passive on the inside
(config)#rip inside default
(config)#rip outside passive version 2 authentication md5 cisco 2OSPF
(config)#rip inside passive
(config)#rip dmz passive version 2
To configure OSPF with the standard 3 interfaces (inside,outside,DMZ)
(config)#router ospf 1To filter LSA3 advertisments out from area 0 so that the internal network is denied but the DMZ is allowed.
(config-router)#network 1.1.1.0 255.255.255.0 area 0
(config-router)network 172.16.0.0 255.255.0.0 area 172.16.0.0
(config-router)network 10.0.0.0 255.255.255.0 area 10.0.0.0
(config-router)area 0 filter-list prefix testlist
(config)#prefix-list testlist deny 10.0.0.0/16
(config)#perfix-list testlist permit 172.16.0.0/16
No comments:
Post a Comment