Cisco Cisco IPS 4360 Sensor Libro bianco

57

Appendix B: Configuration Example 

August 2012 Series

57

!

interface GigabitEthernet0/2

 description LAN/STATE Failover Interface

!

interface GigabitEthernet0/3

 no nameif

 no security-level

 no ip address

!

interface GigabitEthernet0/3.16

 description Primary Internet connection on VLAN 16

 vlan 16

 nameif outside-16

 security-level 0

 ip address 172.16.130.124 255.255.255.0 standby 172.16.130.123

!

interface GigabitEthernet0/3.17

 description Resilient Internet connection on VLAN 17

 vlan 17

 nameif outside-17

 security-level 0

 ip address 172.17.130.124 255.255.255.0 standby 172.17.130.123

!

interface GigabitEthernet0/4

 shutdown

 no nameif

 no security-level

 no ip address

!

interface GigabitEthernet0/5

 shutdown

 no nameif

 no security-level

 no ip address

!

interface GigabitEthernet0/6

 shutdown

 no nameif

 no security-level

 no ip address

!

interface GigabitEthernet0/7

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Management0/0

 nameif IPS-mgmt

 security-level 0

 no ip address

 management-only

!

boot system disk0:/asa861-1-smp-k8.bin

ftp mode passive

clock timezone PST -8

clock summer-time PDT recurring

dns server-group DefaultDNS

 domain-name cisco.local

object network dmz-networks

 subnet 192.168.16.0 255.255.248.0

 description The Organization’s DMZ network range

object network Internal-network-ISPb

 subnet 10.4.0.0 255.254.0.0

 description All Internal Networks

object network internal-network-ISPa

 subnet 10.4.0.0 255.254.0.0

 description All Internal Networks

object network internall-network-ISPb

 subnet 10.4.0.0 255.254.0.0

 description All Internal Networks

object network outside-webserver-ISPa

 host 172.16.130.100

 description Webserver on ISP A