! Listing 9.6: Router R-2 supporting redundant firewalls in routing mode
!
!Copyright (C) 2001 by Vincent C Jones. All Rights Reserved.
version 11.2
!
hostname R-2
!
ip subnet-zero
!
interface Loopback0
 description Management ID for this Router
 ip address 10.0.0.102 255.255.255.255
!
interface Loopback3
 description Target address for outside to inside through firewall F-1A
 ip address 10.255.255.3 255.255.255.255
!
interface Loopback4
 description Target address for outside to inside through firewall F-2B
 ip address 10.255.255.4 255.255.255.255
!
interface Ethernet0
 description Firewall Access LAN-1
 ip address 10.1.2.3 255.255.255.192
 standby 1 priority 100
 standby 1 ip 10.1.2.1
!
interface Ethernet1
 description Firewall Access LAN-2
 ip address 10.3.2.2 255.255.255.192
 standby 2 priority 200
 standby 2 preempt
 standby 2 ip 10.3.2.1
!
router ospf 123
 redistribute static subnets route-map advertise
 network 10.0.0.102 0.0.0.0 area 59
 network 10.1.2.0 0.0.0.63 area 59
 network 10.3.2.0 0.0.0.63 area 59
! . . . network definitions for other interfaces go here
 default-information originate
!
router bgp 65111
 no synchronization
 network 10.255.255.3 mask 255.255.255.255
 network 10.255.255.4 mask 255.255.255.255
 timers bgp 5 15
 neighbor 10.0.0.101 remote-as 65111
 neighbor 10.0.0.101 description IBGP with router R-1
 neighbor 10.0.0.101 update-source Loopback0
 neighbor 10.0.0.101 route-map map_here out
 neighbor 10.1.2.66 remote-as 60000
 neighbor 10.1.2.66 description R-B through F-1A (10.255.255.14)
 neighbor 10.1.2.66 ebgp-multihop
 neighbor 10.1.2.66 distribute-list 14 in
 neighbor 10.1.2.66 distribute-list 3 out
 neighbor 10.1.2.66 route-map map_hop_14 in
 neighbor 10.3.2.65 remote-as 60000
 neighbor 10.3.2.65 description R-A through F-2B (10.255.255.12)
 neighbor 10.3.2.65 ebgp-multihop
 neighbor 10.3.2.65 distribute-list 12 in
 neighbor 10.3.2.65 distribute-list 4 out
 neighbor 10.3.2.65 route-map map_hop_12 in
!
ip classless
! Direct to F-1A
ip route 0.0.0.0 0.0.0.0 10.255.255.14 1
! To F-1A through R-1
ip route 0.0.0.0 0.0.0.0 10.255.255.11 2
! Direct to F-2B
ip route 0.0.0.0 0.0.0.0 10.255.255.12 3
! To F-2B through R-1
ip route 0.0.0.0 0.0.0.0 10.255.255.13 4
! Direct to F-2B
ip route 10.0.0.1 255.255.255.255 10.255.255.12 1
! To F-2B through R-1
ip route 10.0.0.1 255.255.255.255 10.255.255.13 2
! Direct to F-1A
ip route 10.0.0.1 255.255.255.255 10.255.255.14 3
! To F-1A through R-1
ip route 10.0.0.1 255.255.255.255 10.255.255.11 4
! Real route to F-1A
ip route 10.1.2.66 255.255.255.255 10.1.2.4
! Real route to F-2B
ip route 10.3.2.65 255.255.255.255 10.3.2.4
!
access-list 3 permit 10.255.255.3
access-list 4 permit 10.255.255.4
access-list 10 permit 10.0.0.1
access-list 12 permit 10.255.255.12
access-list 14 permit 10.255.255.14
!
route-map advertise permit 10
 match ip address 10
!
route-map map_here permit 15
 match ip address 12
 set ip next-hop 10.0.0.102
!
route-map map_here permit 25
 match ip address 14
 set ip next-hop 10.0.0.102
!
route-map map_hop_12 permit 10
 match ip address 12
 set ip next-hop 10.3.2.4
!
route-map map_hop_14 permit 10
 match ip address 14
 set ip next-hop 10.1.2.4
!
end