! Listing 10.26: Ethernet DLSw through dual firewalls--outside DLSw Peer Router R-C
!
!Copyright (C) 2001 by Vincent C Jones. All Rights Reserved.


version 11.2
!
hostname R-C
!
dlsw local-peer peer-id 120.0.0.1 lf 1500
!  120.0.0.1 outside = 10.1.2.98 inside via F-3A
!                    = 10.3.2.98 inside via F-4B
dlsw bgroup-list 7 bgroups 5	! Real users
dlsw bgroup-list 11 bgroups 6	! /dev/null
! Normal production peering with router R-1 via F-3A
dlsw remote-peer 7 tcp 100.0.0.98
! Allow router R-1 to bring up peer via F-4B
dlsw remote-peer 7 tcp 101.0.0.98 passive
! Allow R-2 to peer with us via F-3A if problems with R-1
dlsw remote-peer 7 tcp 100.0.0.99 passive
! Provide a harmless peer for R-D to test our health
dlsw remote-peer 11 tcp 120.0.0.2
dlsw bridge-group 5
dlsw bridge-group 6
!
interface Loopback1
 description Local peer address for DLSw
 ip address 120.0.0.1 255.255.255.255
!
interface Ethernet1/0
 ip address 120.0.1.2 255.255.255.0
 bridge-group 5
 bridge-group 5 spanning-disabled
 .
 .
! Add the following lines to all interfaces except Ethernet1/0
 ip access-group 150 out
 ip access-group 151 in
 .
 .

router eigrp 1
 network 120.0.0.0
!
access-list 150 deny   tcp host 120.0.0.1 host 120.0.0.2 eq 2065
access-list 150 permit ip any any
access-list 151 deny   tcp host 120.0.0.2 host 120.0.0.1 eq 2065
access-list 151 permit ip any any
!
bridge 5 protocol ieee
bridge 6 protocol ieee
!
end