! Listing 9.10: Router R-2 supporting redundant firewalls in end-system mode
!
! Copyright (C) 2001 by Vincent C Jones. All Rights Reserved.
version 11.2
!
hostname R-2
!
ip subnet-zero
!
interface Loopback0
 description Management ID for this Router
 ip address 10.0.0.102 255.255.255.255
!
interface Loopback1
 description Target IP for outside to inside through firewall F-2B
 ip address 10.255.255.2 255.255.255.255
!
interface Ethernet0
 description Link to router R-1 through LAN-3
 ip address 10.2.2.2 255.255.255.0
 ip nat inside
!
interface Ethernet1
 description Firewall Access LAN-2
 ip address 10.3.2.1 255.255.255.192
 ip nat outside
!
! ADD "ip nat inside" statements to all interfaces other than Ethernet1
!
router ospf 123
 redistribute static subnets route-map advertise
 network 10.0.0.102 0.0.0.0 area 59
 network 10.2.2.0 0.0.0.255 area 59
 network 10.3.2.0 0.0.0.63 area 59
! . . . network definitions for other interfaces go here
!
router bgp 65111
 no synchronization
 network 10.255.255.2 mask 255.255.255.255
 timers bgp 5 15
 neighbor 10.2.2.1 remote-as 65111
 neighbor 10.2.2.1 description IBGP with Router R-1
 neighbor 10.2.2.1 update-source Loopback0
 neighbor 10.3.2.65 remote-as 60000
 neighbor 10.3.2.65 description Peering with R-B through F-2B (10.255.255.12)
 neighbor 10.3.2.65 ebgp-multihop
 neighbor 10.3.2.65 distribute-list 12 in
 neighbor 10.3.2.65 distribute-list 2 out
 neighbor 10.3.2.65 route-map map_hop_12 in
!
! Fix inside address if using F-2B
ip nat outside source static 10.3.2.99 10.1.2.99
ip classless
! Un-NATed through R-1
ip route 10.1.2.99 255.255.255.255 10.255.255.11 1
! Backup through F-2B
ip route 10.1.2.99 255.255.255.255 10.255.255.12 2
! Route for BGP
ip route 10.3.2.65 255.255.255.255 10.3.2.4
!
access-list 2 permit 10.255.255.2
access-list 10 permit 10.1.2.0 0.0.0.255
access-list 12 permit 10.255.255.12
!
route-map advertise permit 10
 match ip address 10
!
route-map map_hop_12 permit 10
 match ip address 12
 set ip next-hop 10.3.2.4
!
end