! Listing 9.5: Router R-1 supporting redundant firewalls in routing mode
!
! Copyright (C) 2001 by Vincent C Jones. All Rights Reserved.
version 11.2
!
hostname R-1
!
ip subnet-zero
!
interface Loopback0
 description Management ID for this Router
 ip address 10.0.0.101 255.255.255.255
!
interface Loopback1
 description Target IP for outside to inside through firewall F-1A
 ip address 10.255.255.1 255.255.255.255
!
interface Loopback2
 description Target IP for outside to inside through firewall F-2B
 ip address 10.255.255.2 255.255.255.255
!
interface Ethernet0
 description Firewall Access LAN-1
 ip address 10.1.2.2 255.255.255.192
 standby 1 priority 200
 standby 1 preempt
 standby 1 ip 10.1.2.1
!
interface Ethernet1
 description Firewall Access LAN-2
 ip address 10.3.2.3 255.255.255.192
 standby 2 priority 100
 standby 2 ip 10.3.2.1
!
router ospf 123
 redistribute static subnets route-map advertise
 network 10.0.0.101 0.0.0.0 area 59
 network 10.1.2.0 0.0.0.63 area 59
 network 10.3.2.0 0.0.0.63 area 59
 ! . . . network definitions for other interfaces go here
 default-information originate
!
router bgp 65111
 no synchronization
 network 10.255.255.1 mask 255.255.255.255
 network 10.255.255.2 mask 255.255.255.255
 timers bgp 5 15
 neighbor 10.0.0.102 remote-as 65111
 neighbor 10.0.0.102 description IBGP with router R-2
 neighbor 10.0.0.102 update-source Loopback0
 neighbor 10.0.0.102 route-map map_here out
 neighbor 10.1.2.65 remote-as 60000
 neighbor 10.1.2.65 description R-A through F-1A (10.255.255.11)
 neighbor 10.1.2.65 ebgp-multihop
 neighbor 10.1.2.65 distribute-list 11 in
 neighbor 10.1.2.65 distribute-list 1 out
 neighbor 10.1.2.65 route-map map_hop_11 in
 neighbor 10.3.2.66 remote-as 60000
 neighbor 10.3.2.66 description R-B through F-2B (10.255.255.13)
 neighbor 10.3.2.66 ebgp-multihop
 neighbor 10.3.2.66 distribute-list 13 in
 neighbor 10.3.2.66 distribute-list 2 out
 neighbor 10.3.2.66 route-map map_hop_13 in
!
ip classless
! Direct to F-1A
ip route 0.0.0.0 0.0.0.0 10.255.255.11 1
! To F-1A through R-2
ip route 0.0.0.0 0.0.0.0 10.255.255.14 2
! Direct to F-2B
ip route 0.0.0.0 0.0.0.0 10.255.255.13 3
! To F-2B through R-2
ip route 0.0.0.0 0.0.0.0 10.255.255.12 4
! Direct to F-2B
ip route 10.0.0.1 255.255.255.255 10.255.255.13 1
! To F-2B through R-2
ip route 10.0.0.1 255.255.255.255 10.255.255.12 2
! Direct to F-1A
ip route 10.0.0.1 255.255.255.255 10.255.255.11 3
! To F-1A through R-2
ip route 10.0.0.1 255.255.255.255 10.255.255.14 4
! Real route to F-1A
ip route 10.1.2.65 255.255.255.255 10.1.2.4
! Real route to F-2B
ip route 10.3.2.66 255.255.255.255 10.3.2.4
!
access-list 1 permit 10.255.255.1
access-list 2 permit 10.255.255.2
access-list 10 permit 10.0.0.1
access-list 11 permit 10.255.255.11
access-list 13 permit 10.255.255.13
!
route-map advertise permit 10
 match ip address 10
!
route-map map_here permit 15
 match ip address 11
 set ip next-hop 10.0.0.101
!
route-map map_here permit 25
 match ip address 13
 set ip next-hop 10.0.0.101
!
route-map map_hop_11 permit 10
 match ip address 11
 set ip next-hop 10.1.2.4
!
route-map map_hop_13 permit 10
 match ip address 13
 set ip next-hop 10.3.2.4
!
end