! Listing 9.8: Router R-B supporting redundant firewalls in routing mode
!
! Copyright (C) 2001 by Vincent C Jones. All Rights Reserved.
version 11.2
!
hostname R-B
!
! WARNING!! Self defense configuration statements not shown
!
ip subnet-zero
!
interface Loopback0
 description Management ID for this Router
 ip address 100.0.0.202 255.255.255.255
!
interface Loopback13
 description Target IP for inside to outside through firewall F-2B
 ip address 10.255.255.13 255.255.255.255
!
interface Loopback14
 description Target IP for inside to outside through firewall F-1A
 ip address 10.255.255.14 255.255.255.255
!
interface Serial0/0
 description T1 to ISP #2
 ip address 120.0.0.1 255.255.255.252
!
interface Ethernet1/0
 description Firewall Access LAN-A
 ip address 100.0.0.3 255.255.255.192
 no ip redirects
 standby 1 priority 100
 standby 1 ip 100.0.0.1
!
interface Ethernet1/1
 description Firewall Access LAN-B
 ip address 101.0.0.2 255.255.255.192
 no ip redirects
 standby 2 priority 200
 standby 2 preempt
 standby 2 ip 101.0.0.1
!
router ospf 123
 network 100.0.0.202 0.0.0.0 area 59
 network 100.0.0.0 0.0.0.63 area 59
 network 101.0.0.0 0.0.0.63 area 59
 network 120.0.0.0 0.0.0.3 area 59
! . . . network definitions for other interfaces go here
!
router bgp 60000
 no synchronization
 network 10.255.255.13 mask 255.255.255.255
 network 10.255.255.14 mask 255.255.255.255
 network 100.0.0.0 mask 255.255.255.0
 network 101.0.0.0 mask 255.255.255.0
 network 120.0.0.0 mask 255.255.255.252
 redistribute connected
 neighbor 100.0.0.201 remote-as 60000
 neighbor 100.0.0.201 description IBGP with Router R-A
 neighbor 100.0.0.201 update-source Loopback0
 neighbor 100.0.0.201 route-map map_here out
 neighbor 100.0.0.66 remote-as 65111
 neighbor 100.0.0.66 description Peering with R-2 through F-1A (10.255.255.3)
 neighbor 100.0.0.66 ebgp-multihop
 neighbor 100.0.0.66 timers 5 15
 neighbor 100.0.0.66 distribute-list 3 in
 neighbor 100.0.0.66 distribute-list 14 out
 neighbor 100.0.0.66 route-map map_hop_3 in
 neighbor 101.0.0.65 remote-as 65111
 neighbor 101.0.0.65 description Peering with R-1 through F-2B (10.255.255.2)
 neighbor 101.0.0.65 ebgp-multihop
 neighbor 101.0.0.65 timers 5 15
 neighbor 101.0.0.65 distribute-list 2 in
 neighbor 101.0.0.65 route-map map_hop_2 in
 neighbor 101.0.0.65 distribute-list 13 out
 neighbor 120.0.0.2 remote-as 55555
 neighbor 120.0.0.2 description Peering with ISP #2
 neighbor 120.0.0.2 distribute-list 10 out
 neighbor 120.0.0.2 filter-list 9 out
 no auto-summary
!
ip classless
! Floating static routes: the trailing number is the administrative distance,
! so the lowest-numbered next hop that is reachable is the one used
ip route 100.0.0.99 255.255.255.255 10.255.255.3 1
ip route 100.0.0.99 255.255.255.255 10.255.255.1 2
ip route 100.0.0.99 255.255.255.255 10.255.255.2 3
ip route 100.0.0.99 255.255.255.255 10.255.255.4 4
ip route 101.0.0.99 255.255.255.255 10.255.255.2 1
ip route 101.0.0.99 255.255.255.255 10.255.255.4 2
ip route 101.0.0.99 255.255.255.255 10.255.255.3 3
ip route 101.0.0.99 255.255.255.255 10.255.255.1 4
ip route 100.0.0.66 255.255.255.255 100.0.0.4
ip route 101.0.0.65 255.255.255.255 101.0.0.4
! Null0 routes give the BGP network statements for the two /24 blocks
! a matching entry in the routing table
ip route 100.0.0.0 255.255.255.0 null0
ip route 101.0.0.0 255.255.255.0 null0
!
access-list 2 permit 10.255.255.2
access-list 3 permit 10.255.255.3
! access-list 10 (applied outbound to ISP #2): keep 10.0.0.0/8 addresses
! out of the advertisements
access-list 10 deny 10.0.0.0 0.255.255.255
access-list 10 permit any
access-list 13 permit 10.255.255.13
access-list 14 permit 10.255.255.14
!
route-map map_here permit 15
 match ip address 2
 set ip next-hop 100.0.0.202
!
route-map map_here permit 25
 match ip address 3
 set ip next-hop 100.0.0.202
!
route-map map_hop_2 permit 10
 match ip address 2
 set ip next-hop 101.0.0.4
!
route-map map_hop_3 permit 10
 match ip address 3
 set ip next-hop 100.0.0.4
!
! as-path list 9 (applied outbound to ISP #2): pass only routes whose
! AS path is empty or contains only AS 60000
ip as-path access-list 9 permit ^(_60000)*$
!
end