Cisco Cisco IPS 4520 Sensor Weißbuch
57
Appendix B: Configuration Example
August 2012 Series
57
!
interface GigabitEthernet0/2
description LAN/STATE Failover Interface
!
interface GigabitEthernet0/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3.16
description Primary Internet connection on VLAN 16
vlan 16
nameif outside-16
security-level 0
ip address 172.16.130.124 255.255.255.0 standby 172.16.130.123
!
interface GigabitEthernet0/3.17
description Resilient Internet connection on VLAN 17
vlan 17
nameif outside-17
security-level 0
ip address 172.17.130.124 255.255.255.0 standby 172.17.130.123
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif IPS-mgmt
security-level 0
no ip address
management-only
!
boot system disk0:/asa861-1-smp-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name cisco.local
object network dmz-networks
subnet 192.168.16.0 255.255.248.0
description The Organization’s DMZ network range
object network Internal-network-ISPb
subnet 10.4.0.0 255.254.0.0
description All Internal Networks
object network internal-network-ISPa
subnet 10.4.0.0 255.254.0.0
description All Internal Networks
object network internall-network-ISPb
subnet 10.4.0.0 255.254.0.0
description All Internal Networks
object network outside-webserver-ISPa
host 172.16.130.100
description Webserver on ISP A