Not trying to be harsh, but have you looked on CCO for this
information? Generally speaking, there is no reason to look farther
than CCO if all you want to know is the meaning of a command. All of
the cisco docs are available on-line for free and easily accessible via
a web browser.
If your not familiar with the cisco web site, you really need to be if
you intend to support cisco equipment.
All of the following commands can be found in the following link to the
12.0 documentation, I leave it as an exercise for you to find the
particular commands that your looking for. I realize there is a lot of
info at this link, but you really need to familiarize yourself with
where this information is located in the cisco docs:
<http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/index.htm>
-Kent
"Sim, CT (Chee Tong)" wrote:
>
> Dear friends, I am just a junior, I have a few question after seeing our
> company firewall configuration... Pls see below,
>
> 1) What is meaning of "ip inspect name fw tcp"
> 2) What is meaning of "ip nat outside" and "ip nat inside" What is the
> difference?
> 3) What is meaning of "ip inspect fw in"
> 4) What is meaning of "ip nat pool rabobank 192.168.3.101 192.168.3.200
> netmask 255.255.255.0"
>
>
>
> Chee Tong
>
> service timestamps log uptime
> no service password-encryption
> !
> hostname RBFW2514
> !
> enable password XXXXXXXXXXXXX
> !
> !
> !
> !
> !
> ip subnet-zero
> no ip domain-lookup
> !
> ip inspect name fw tcp
> ip inspect name fw udp
> ip inspect name fw smtp
> ip inspect name fw ftp
> !
> !
> process-max-time 200
> !
> interface Ethernet0
> description Interface facing Financial Service Provider
> ip address X .X.X.X 255.255.255.0
> ip access-group 100 in
> no ip directed-broadcast
> ip nat outside
> !
> interface Ethernet1
> description Interface facing Rabobank (Trusted) network
> ip address X.X.X.X 255.255.254.0
> no ip directed-broadcast
> ip nat inside
> ip inspect fw in
> !
> interface Serial0
> ip unnumbered Ethernet0
> no ip directed-broadcast
> no ip mroute-cache
> shutdown
> no fair-queue
> !
> interface Serial1
> no ip address
> no ip directed-broadcast
> shutdown
> !
> ip nat pool rabobank 192.168.3.101 192.168.3.200 netmask 255.255.255.0
> ip nat pool rabobank1 192.168.3.201 192.168.3.240 netmask 255.255.255.0
> ip nat pool rabobank2 192.168.3.101 192.168.3.240 netmask 255.255.255.0
> ip nat inside source list 1 pool rabobank2
> ip nat inside source list 2 pool rabobank1
> ip classless
> ip route 172.16.0.0 255.255.0.0 192.168.3.31
> ip route 192.168.3.0 255.255.255.0 10.168.3.2
> ip route 199.105.176.0 255.255.248.0 192.168.3.21
> ip route 199.105.184.0 255.255.254.0 192.168.3.21
> ip route 205.183.246.0 255.255.255.0 192.168.3.21
> ip route 208.134.161.0 255.255.255.0 192.168.3.21
> no ip http server
> !
> access-list 1 permit any
> access-list 100 permit tcp any any eq www
> access-list 100 permit tcp any eq www any
> access-list 100 permit tcp any any eq 5100
> access-list 100 permit tcp any eq 5100 any
> access-list 100 permit tcp any any eq 60101
> access-list 100 permit tcp any eq 60101 any
> access-list 100 permit tcp any any eq 7091
>
> access-list 100 permit tcp any any eq 4040
> access-list 100 permit tcp any any eq 6080
> access-list 100 permit tcp any any range 8194 8294
> access-list 100 permit udp any any range 48129 48192
> access-list 100 permit udp any eq 6080 any
> access-list 100 permit udp any eq 4040 any
> snmp-server engineID local 00000009020000107B8102E6
> snmp-server community public RO
> !
> line con 0
> transport input none
> line aux 0
> line vty 0 4
> password XXXXXXXXXXXX
> login
> length 0
> !
> end
>
> ==================================================================
> De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
> is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
> onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en
> de afzender direct te informeren door het bericht te retourneren.
> ==================================================================
> The information contained in this message may be confidential
> and is intended to be exclusively for the addressee. Should you
> receive this message unintentionally, please do not use the contents
> herein and notify the sender immediately by return e-mail.
>
> ==================================================================
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
--
##################################################
Kent Hundley Lucent Networkcare
CISSP, CCSE Sr. Network Consultant
##################################################
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
