! Listing 10.24: Ethernet DLSw through dual firewalls--inside DLSw Peer Router R-1
!
!Copyright (C) 2001 by Vincent C Jones. All Rights Reserved.
version 11.2
!
hostname R-1
!
ip subnet-zero
!
dlsw local-peer peer-id 10.0.0.1 lf 1500
! 10.0.0.1 inside = 100.0.0.98 outside via F-3A
!                 = 101.0.0.98 outside via F-4B
dlsw bgroup-list 7 bgroups 5
dlsw bgroup-list 11 bgroups 6
! Production peer with router R-C via firewall F-3A
dlsw remote-peer 7 tcp 10.1.2.98
! Peer to router R-C via F-4B if problems with F-3A
dlsw remote-peer 7 tcp 10.3.2.98 backup-peer 10.1.2.98
! Dummy peer so R-2 can see that we are alive and well
dlsw remote-peer 11 tcp 10.0.0.2
dlsw bridge-group 5   ! Production Traffic
dlsw bridge-group 6   ! Dummy for router R-2
!
interface Loopback1
 description Local peer address for DLSw
 ip address 10.0.0.1 255.255.255.255
!
interface Ethernet0
 ip address 10.100.0.2 255.255.128.0
 bridge-group 5
 bridge-group 5 spanning-disabled
.
.
! Add the following two lines to all interfaces except Ethernet0
 ip access-group 150 out
 ip access-group 151 in
.
.
router ospf 123
 network 10.0.0.1 0.0.0.0 area 10.100.0.0
 network 10.100.0.0 0.0.255.255 area 10.100.0.0
!
access-list 150 deny tcp host 10.0.0.1 host 10.0.0.2 eq 2065
access-list 150 permit ip any any
access-list 151 deny tcp host 10.0.0.2 host 10.0.0.1 eq 2065
access-list 151 permit ip any any
!
bridge 5 protocol ieee
bridge 6 protocol ieee
!
end