From: Dillon Yang (gzdillon@hotmail.com)
Date: Sat Mar 26 2005 - 00:37:06 GMT-3
Hi, group:
In the IOS firewall config, is the command "ip source-route" mandatory or not?
Why?
!
hostname r2
!
ip source-route
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
!
no ip inspect audit-trail
ip inspect tcp synwait-time 30
ip inspect tcp finwait-time 5
ip inspect tcp idle-time 3600
ip inspect udp idle-time 30
ip inspect dns-timeout 5
ip inspect one-minute low 900
ip inspect one-minute high 1100
ip inspect max-incomplete low 900
ip inspect max-incomplete high 1100
ip inspect tcp max-incomplete host 50 block-time 0
!
ip inspect name Ethernet_0_0 ftp
ip inspect name Ethernet_0_0 tcp
ip inspect name Ethernet_0_0 udp
!
ip inspect name Serial_1_0 tcp
ip inspect name Serial_1_0 udp
!
interface Ethernet 0/0
 description connected to EthernetLAN
 ip address 3.3.3.1 255.255.255.0
 ip inspect Ethernet_0_0 in
 ip access-group 100 in
 keepalive 10
!
interface Serial 1/0
 description connected to Internet
 ip address 202.1.1.1 255.255.255.0
 ip inspect Serial_1_0 in
 ip access-group 101 in
 encapsulation ppp
!
access-list 100 permit udp any eq rip any eq rip
access-list 100 permit tcp any any range 20 21
access-list 100 permit tcp any any eq 80
access-list 100 permit tcp any any eq 119
access-list 100 permit tcp any any eq 23
access-list 100 permit udp any any eq domain
access-list 101 deny ip 3.3.3.0 0.0.0.255 any
access-list 101 permit tcp any 3.3.3.0 0.0.0.255 eq 80
access-list 101 permit tcp any 3.3.3.0 0.0.0.255 eq 119
access-list 101 permit udp any 3.3.3.0 0.0.0.255 eq domain
!
router rip
 version 2
 network 3.0.0.0
 passive-interface Serial 1/0
 no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 1/0
TIA
dillon