! Listing 9.9: Router R-1 supporting redundant firewalls in end-system mode
!
!Copyright (C) 2001 by Vincent C Jones. All Rights Reserved.


version 11.2
!
hostname R-1
!
ip subnet-zero
!
interface Loopback0
 description Management ID for this Router
 ip address 10.0.0.101 255.255.255.255
!
interface Loopback1
 description Target IP for outside to inside through firewall F-1A
 ip address 10.255.255.1 255.255.255.255
!
interface Ethernet0
 description Firewall Access LAN-1
 ip address 10.1.2.1 255.255.255.192
!
interface Ethernet1
 description Link to router R-2
 ip address 10.2.2.1 255.255.255.0
!
router ospf 123
 redistribute static subnets route-map advertise
 network 10.0.0.101 0.0.0.0 area 59
 network 10.1.2.0 0.0.0.63 area 59
 network 10.2.2.0 0.0.0.255 area 59
! . . . network definitions for other interfaces go here
!
router bgp 65111
 no synchronization
 network 10.255.255.1 mask 255.255.255.255
 timers bgp 5 15
 neighbor 10.2.2.2 remote-as 65111
 neighbor 10.2.2.2 description IBGP with Router R-2
 neighbor 10.2.2.2 update-source Loopback0
 neighbor 10.1.2.65 remote-as 60000
 neighbor 10.1.2.65 description Peering with R-A through F-1A (10.255.255.11)
 neighbor 10.1.2.65 ebgp-multihop
 neighbor 10.1.2.65 distribute-list 11 in
 neighbor 10.1.2.65 distribute-list 1 out
 neighbor 10.1.2.65 route-map map_hop_11 in
!
ip classless
! Direct to F-1A
ip route 10.1.2.99 255.255.255.255 10.255.255.11 1
! To F-2B through R-2
ip route 10.1.2.99 255.255.255.255 10.255.255.12 2
! Real route to F-1A
ip route 10.1.2.65 255.255.255.255 10.1.2.4
!
access-list 1 permit 10.255.255.1
access-list 9 permit 10.1.2.64 0.0.0.63
access-list 10 permit 10.1.2.0 0.0.0.255
access-list 11 permit 10.255.255.11
!
route-map advertise deny 10
 match ip address 9
!
route-map advertise permit 15
 match ip address 10
!
route-map map_hop_11 permit 10
 match ip address 11
 set ip next-hop 10.1.2.4
!
end