! Listing 10.25: Ethernet DLSw through dual firewalls--inside DLSw Peer Router R-2
!
!Copyright (C) 2001 by Vincent C Jones. All Rights Reserved.


version 11.2
!
hostname R-2
!
dlsw local-peer peer-id 10.0.0.2 lf 1500
! 10.0.0.2 inside	= 100.0.0.99 outside via F-3A
!			= 101.0.0.99 outside via F-4B
! Peer via LAN to bit-bucket on R-1
dlsw remote-peer 0 tcp 10.0.0.1
! Any problems with R-1 or LAN, bring up peer to R-C via F-3A
dlsw remote-peer 0 tcp 10.1.2.98 backup-peer 10.0.0.1
! Allow R-D to peer with us via F-4B if problems with R-C
dlsw remote-peer 0 tcp 10.3.2.99 passive
dlsw bridge-group 5
!
interface Loopback1
 description Local peer address for DLSw
 ip address 10.0.0.2 255.255.255.255
!
interface Ethernet0
 ip address 10.100.0.3 255.255.128.0
 bridge-group 5
 bridge-group 5 spanning-disabled
 .
 .
! Add the following lines to all interfaces except Ethernet0
 ip access-group 150 out
 ip access-group 151 in
 .
 .

router ospf 123
 network 10.0.0.2 0.0.0.0 area 10.100.0.0
 network 10.100.0.0 0.0.255.255 area 10.100.0.0
!
access-list 150 deny   tcp host 10.0.0.2 host 10.0.0.1 eq 2065
access-list 150 permit ip any any
access-list 151 deny   tcp host 10.0.0.1 host 10.0.0.2 eq 2065
access-list 151 permit ip any any
!
bridge 5 protocol ieee
!
end