Routed Mode Sample Configurations
username admin password passw0rd
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
crypto dynamic-map vpn_client 1 set transform-set vpn
crypto map telnet_tunnel 1 ipsec-isakmp dynamic vpn_client
crypto map telnet_tunnel interface outside
ip local pool client_pool 10.1.1.2
access-list VPN_SPLIT extended permit ip host 209.165.201.3 host 10.1.1.2
telnet 10.1.1.2 255.255.255.255 outside
telnet timeout 30
logging trap 5
! System log messages are sent to the syslog server on the DMZ network
logging host dmz 192.168.2.2
logging enable
Switch Configuration (Example 2)
The following lines in the switch configuration relate to the FWSM:
interface vlan 3
 ip address 209.165.201.1 255.255.255.224
 no shutdown
...
Example 3: Shared Resources for Multiple Contexts Example
The following configuration includes multiple contexts for multiple departments within a company.
Each department has its own security context so that each department can have its own security policy.
However, the syslog, mail, and AAA servers are shared across all departments. These servers are placed
on a shared interface (see Figure B-3).
Department 1 has a web server that outside users who are authenticated by the AAA server can access.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
Appendix B
Sample Configurations
OL-20748-01