Dear friends, I am just a junior. I have a few questions after seeing our
company firewall configuration... Please see below.

1) What is the meaning of "ip inspect name fw tcp"?
2) What is the meaning of "ip nat outside" and "ip nat inside"? What is the
difference?
3) What is the meaning of "ip inspect fw in"?
4) What is the meaning of "ip nat pool rabobank 192.168.3.101 192.168.3.200
netmask 255.255.255.0"?

Chee Tong

service timestamps log uptime
no service password-encryption
!
hostname RBFW2514
!
enable password XXXXXXXXXXXXX
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
ip inspect name fw tcp
ip inspect name fw udp
ip inspect name fw smtp
ip inspect name fw ftp
!
!
process-max-time 200
!
interface Ethernet0
description Interface facing Financial Service Provider
ip address X.X.X.X 255.255.255.0
ip access-group 100 in
no ip directed-broadcast
ip nat outside
!
interface Ethernet1
description Interface facing Rabobank (Trusted) network
ip address X.X.X.X 255.255.254.0
no ip directed-broadcast
ip nat inside
ip inspect fw in
!
interface Serial0
ip unnumbered Ethernet0
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
ip nat pool rabobank 192.168.3.101 192.168.3.200 netmask 255.255.255.0
ip nat pool rabobank1 192.168.3.201 192.168.3.240 netmask 255.255.255.0
ip nat pool rabobank2 192.168.3.101 192.168.3.240 netmask 255.255.255.0
ip nat inside source list 1 pool rabobank2
ip nat inside source list 2 pool rabobank1
ip classless
ip route 172.16.0.0 255.255.0.0 192.168.3.31
ip route 192.168.3.0 255.255.255.0 10.168.3.2
ip route 199.105.176.0 255.255.248.0 192.168.3.21
ip route 199.105.184.0 255.255.254.0 192.168.3.21
ip route 205.183.246.0 255.255.255.0 192.168.3.21
ip route 208.134.161.0 255.255.255.0 192.168.3.21
no ip http server
!
access-list 1 permit any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any eq www any
access-list 100 permit tcp any any eq 5100
access-list 100 permit tcp any eq 5100 any
access-list 100 permit tcp any any eq 60101
access-list 100 permit tcp any eq 60101 any
access-list 100 permit tcp any any eq 7091
access-list 100 permit tcp any any eq 4040
access-list 100 permit tcp any any eq 6080
access-list 100 permit tcp any any range 8194 8294
access-list 100 permit udp any any range 48129 48192
access-list 100 permit udp any eq 6080 any
access-list 100 permit udp any eq 4040 any
snmp-server engineID local 00000009020000107B8102E6
snmp-server community public RO
!
line con 0
transport input none
line aux 0
line vty 0 4
password XXXXXXXXXXXX
login
length 0
!
end
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
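
As an added example that is not part of the original post: in IOS, "ip nat pool" names a range of addresses available for translation, and "ip nat inside source list N pool P" translates the source address of traffic from "ip nat inside" interfaces that matches access-list N to an address from pool P. The Python sketch below reads the NAT lines of the posted configuration and reports which list feeds which pool, plus anything a reviewer would want to check. The names audit_nat and SAMPLE_CONFIG are hypothetical, and it assumes numbered access-lists and the "netmask" form of the pool command.

```python
import ipaddress
import re

# Constructed sample: the NAT and access-list lines copied from the posted configuration.
SAMPLE_CONFIG = """\
ip nat pool rabobank 192.168.3.101 192.168.3.200 netmask 255.255.255.0
ip nat pool rabobank1 192.168.3.201 192.168.3.240 netmask 255.255.255.0
ip nat pool rabobank2 192.168.3.101 192.168.3.240 netmask 255.255.255.0
ip nat inside source list 1 pool rabobank2
ip nat inside source list 2 pool rabobank1
access-list 1 permit any
access-list 100 permit tcp any any eq www
"""

# Assumption: only numbered ACLs and the "netmask" pool syntax are recognised.
POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) netmask (\S+)$")
BIND_RE = re.compile(r"^ip nat inside source list (\S+) pool (\S+)$")
ACL_RE = re.compile(r"^access-list (\d+) ")


def audit_nat(config):
    """Return (pools, list-to-pool bindings, findings) for a config string."""
    pools, bindings, acls, findings = {}, [], set(), []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := POOL_RE.match(line):
            name, first, last, mask = m.groups()
            lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
            net = ipaddress.IPv4Network(f"{first}/{mask}", strict=False)
            if lo > hi or hi not in net:
                findings.append(f"pool {name}: range does not fit one {mask} subnet")
            pools[name] = (int(lo), int(hi))
        elif m := BIND_RE.match(line):
            bindings.append(m.groups())
        elif m := ACL_RE.match(line):
            acls.add(m.group(1))
    for acl, pool in bindings:
        if acl not in acls:
            findings.append(f"list {acl} -> pool {pool}: access-list {acl} is not defined")
        if pool not in pools:
            findings.append(f"list {acl} -> pool {pool}: pool is not defined")
    used = {pool for _, pool in bindings}
    findings += [f"pool {p}: defined but not bound to any list" for p in pools if p not in used]
    names = sorted(pools)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if pools[a][0] <= pools[b][1] and pools[b][0] <= pools[a][1]:
                findings.append(f"pools {a} and {b}: address ranges overlap")
    return pools, bindings, findings
```

Calling audit_nat(SAMPLE_CONFIG) returns the pool ranges, the list-to-pool bindings and the list of findings for the lines above.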