Example of configuring OmniAccess 740 without having any example on the net excluding the official documentation which doesn’t help a lot.
!Current Configuration: ! ! NVRAM config last updated at 11:12:43 GMT Wed Oct 14 2000 by superadmin ! Statlog Configuration ! logging on logging buffered priority 7 logging buffered size 128 logging console 3 logging system 5 service timestamps log logging rate-limit 1 10 tag SWE subtag DOS logging rate-limit 1 10 tag SWE subtag SESSION ip domain-name megabit.com ip name-server 8.8.8.8 hostname gateway ! !VRF Configuration ! ! MULTICAST Configuration ! ! ! ssh enable ! ! ! Clock synchronization ! clock synchronize using ntp server 91.122.42.73 every 120 minutes ! ! SNMP Configurations ! ! aaa services ! username recovery password 5 0cfda33ea4d2738262080e7d7757d7ba username superadmin password 5 21232f297a57a5a743894a0e4a801fc3 ! ! ! enable password 5 5f02b358aadcf55b752c034ab79f3b4a ! aaa authorization disable ! ! key-chain RIP-keyName-Auth key 10 key-string MegaBit2000 ! interface Loopback1 ip address 1.1.1.1/30 no shutdown top ! interface GigabitEthernet3/0 description WAN link ip address 217.10.84.26/29 ip address 217.10.84.27/29 secondary ip address 217.10.84.28/29 secondary ip address 217.10.84.29/29 secondary ip address 217.10.84.42/29 secondary ip address 217.10.84.43/29 secondary ip address 217.10.84.44/29 secondary no shutdown top ! interface GigabitEthernet3/1 shutdown top ! interface Vlan100 description LAN Link ip address 10.0.21.66/24 ip rip v2-broadcast ip rip send version 2 ip rip receive version 2 ip rip authentication key-chain RIP-keyName-Auth ip rip authentication mode text no shutdown top ! interface Vlan200 description DMZ Link ip address 172.16.0.254/24 shutdown top ! interface switchport1/0 switchport access vlan 100 no shutdown top ! interface switchport1/1 shutdown top ! interface switchport1/2 shutdown top ! interface switchport1/3 shutdown top ! interface switchport1/4 switchport access vlan 200 shutdown top ! interface switchport1/5 shutdown top ! interface switchport1/6 shutdown top ! interface switchport1/7 shutdown top ! ! router rip version 2 network 10.0.0.0 neighbor 10.21.0.126 no auto-summary passive-interface default no passive-interface Vlan100 redistribute connected ! ip route 0.0.0.0/0 217.10.84.25 ip route 0.0.0.0/0 217.10.84.41 ip route 10.0.2.0/24 10.0.21.254 ip route 10.0.4.0/24 10.0.21.254 ip route 10.0.111.0/24 10.0.21.254 ip route 10.0.176.0/24 10.0.21.254 ! list Trust prefix 10.0.20.0/24 prefix 10.0.21.0/24 prefix 10.0.23.0/24 prefix 10.0.24.0/24 prefix 10.0.25.0/24 prefix 10.0.26.0/24 prefix 10.0.27.0/24 prefix 10.0.31.0/24 list Untrust prefix 217.10.84.24/29 prefix 217.10.84.40/29 list DMZ host 172.16.0.26 host 172.16.0.27 host 172.16.0.28 host 172.16.0.29 host 172.16.0.30 host 172.16.0.42 host 172.16.0.43 host 172.16.0.44 host 172.16.0.45 host 172.16.0.46 list MGR host 10.0.21.66 host 172.16.0.254 host 217.10.84.28 list N1918 prefix 10.0.0.0/8 prefix 172.16.0.0/12 prefix 192.168.0.0/8 prefix 0.0.0.0/8 prefix 14.0.0.0/8 prefix 127.0.0.0/8 list untrust-manage host 217.10.84.28 list dmz-manage host 172.16.0.254 list trust-manage host 10.0.21.66 list Polygon-Kafa host 10.0.21.254 list Server-IP-26 host 172.16.0.26 host 217.10.84.26 list Server-IP-27 host 172.16.0.27 host 217.10.84.27 list Server-IP-29 host 172.16.0.29 host 217.10.84.29 list Server-IP-30 host 172.16.0.30 host 217.10.84.30 list Server-IP-42 host 10.0.21.153 host 217.10.84.42 list Server-IP-43 host 172.16.0.43 host 217.10.84.43 list Server-IP-44 host 172.16.0.44 host 217.10.84.44 list Server-IP-45 host 172.16.0.45 host 217.10.84.45 list Server-IP-46 host 172.16.0.46 host 217.10.84.46 list Server-IP-28 host 10.0.21.155 host 217.10.84.28 match-list gate-IP-25 10 ip host 172.16.0.26 any 20 ip host 172.16.0.27 any 30 ip host 172.16.0.28 any 40 ip host 172.16.0.29 any 50 ip host 172.16.0.30 any match-list gate-IP-41 10 ip prefix 10.0.20.0/24 any 20 ip prefix 10.0.21.0/24 any 30 ip prefix 10.0.23.0/24 any 40 ip prefix 10.0.25.0/24 any 50 ip prefix 10.0.26.0/24 any 60 ip prefix 10.0.31.0/24 any 70 ip host 172.16.0.42 any 80 ip host 172.16.0.43 any 90 ip host 172.16.0.44 any 100 ip host 172.16.0.45 any 110 ip host 172.16.0.46 any match-list Internet-server-IP-26-access 1 tcp any host 217.10.84.26 service http 2 tcp any host 217.10.84.26 service https match-list Internet-server-IP-27-access 1 tcp any host 217.10.84.27 service http 2 tcp any host 217.10.84.27 service https match-list Internet-server-IP-28-access 1 tcp any host 217.10.84.28 service http 2 tcp any host 217.10.84.28 service 3389 match-list Internet-server-IP-29-access 1 tcp any host 217.10.84.29 service http 2 tcp any host 217.10.84.29 service https match-list Internet-server-IP-30-access 1 tcp any host 217.10.84.30 service http 2 tcp any host 217.10.84.30 service https match-list Internet-server-IP-42-access 1 tcp any host 217.10.84.42 service http 2 tcp any host 217.10.84.42 service https match-list Internet-server-IP-43-access 1 tcp any host 217.10.84.43 service http 2 tcp any host 217.10.84.43 service https match-list Internet-server-IP-44-access 1 tcp any host 217.10.84.44 service http 2 tcp any host 217.10.84.44 service https match-list Internet-server-IP-45-access 1 tcp any host 217.10.84.45 service http 2 tcp any host 217.10.84.45 service https match-list Internet-server-IP-46-access 1 tcp any host 217.10.84.46 service http 2 tcp any host 217.10.84.46 service https match-list Internet-access 1 ip list Trust list Untrust 2 ip list Trust any match-list trust-DMZ-access 1 ip list Trust list DMZ match-list untrust-DMZ-access 1 tcp list DMZ list Untrust service http 2 tcp list DMZ list Untrust service https 3 tcp list DMZ list Untrust service dns 4 udp list DMZ list Untrust service dns match-list Internet-Trust 1 ip any any match-list DMZ-Trust 1 ip any any match-list RFC-1918 1 ip list N1918 list Trust 2 ip list N1918 list DMZ match-list untrust-manage 1 tcp any list untrust-manage service ssh match-list DoS 1 ip any list Trust 2 ip any list DMZ match-list trust-manage 1 tcp list Trust list MGR service ssh 2 tcp list Untrust list MGR service ssh 3 tcp any list MGR service ssh match-list Untrust-DMZ-or-Trust-access 1 ip any list Trust 2 ip any list DMZ match-list Trust-or-DMZ-Untrust-access 1 ip list Trust any 2 ip list DMZ any match-list Source-NAT 1 ip prefix 10.0.20.0/24 any 2 ip prefix 10.0.21.0/24 any 3 ip prefix 10.0.23.0/24 any 4 ip prefix 10.0.25.0/24 any 5 ip prefix 10.0.26.0/24 any 6 ip prefix 10.0.31.0/24 any 7 ip host 172.16.0.26 any 8 ip host 172.16.0.27 any 9 ip host 172.16.0.28 any 10 ip host 172.16.0.29 any 11 ip host 172.16.0.30 any 12 ip host 172.16.0.42 any 13 ip host 172.16.0.43 any 14 ip host 172.16.0.44 any 15 ip host 172.16.0.45 any 16 ip host 172.16.0.46 any match-list Forward-Polygon-Kafa 1 tcp any list Polygon-Kafa service 1280 2 udp any list Polygon-Kafa service 1280 match-list icmp-out-packages 1 icmp any any icmp-type 8 icmp-subtype 0 3 icmp any any icmp-type 11 icmp-subtype 0 4 icmp any any icmp-type 3 icmp-subtype 3 5 udp any any service range 33434 33534 match-list icmp-in-packages 1 icmp any any icmp-type 0 icmp-subtype 0 3 icmp any any icmp-type 11 icmp-subtype 0 4 icmp any any icmp-type 3 icmp-subtype 3 match-list Forward-to-IP-26 1 tcp any list Server-IP-26 service http 2 tcp any list Server-IP-26 service https match-list Forward-to-IP-27 1 tcp any list Server-IP-27 service http 2 tcp any list Server-IP-27 service https match-list Forward-to-IP-28 1 tcp any list Server-IP-28 service http 2 tcp any list Server-IP-28 service 3389 match-list Forward-to-IP-29 1 tcp any list Server-IP-29 service http 2 tcp any list Server-IP-29 service https match-list Forward-to-IP-30 1 tcp any list Server-IP-30 service http 2 tcp any list Server-IP-30 service https match-list Forward-to-IP-42 1 tcp any list Server-IP-42 service http 2 tcp any list Server-IP-42 service https match-list Forward-to-IP-43 1 tcp any list Server-IP-43 service http 2 tcp any list Server-IP-43 service https match-list Forward-to-IP-44 1 tcp any list Server-IP-44 service http 2 tcp any list Server-IP-44 service https match-list Forward-to-IP-45 1 tcp any list Server-IP-45 service http 2 tcp any list Server-IP-45 service https match-list Forward-to-IP-46 1 tcp any list Server-IP-46 service http 2 tcp any list Server-IP-46 service https match-list Local-query-DNS 1 tcp list MGR host 8.8.8.8 service dns 2 udp list MGR host 8.8.8.8 service dns 3 udp list MGR host 91.122.42.73 service 123 match-list all match-list icmp-traffic 1 icmp any any match-list SubNet20-NIR1-2 1 tcp prefix 10.0.20.0/24 any 2 udp prefix 10.0.20.0/24 any match-list SubNet21-Main 1 tcp prefix 10.0.21.0/24 any 2 udp prefix 10.0.21.0/24 any match-list SubNet23-NIR3 1 tcp prefix 10.0.23.0/24 any 2 udp prefix 10.0.23.0/24 any match-list SubNet24-NIR4 1 tcp prefix 10.0.24.0/24 any 2 udp prefix 10.0.24.0/24 any match-list SubNet25-NIR5 1 tcp prefix 10.0.25.0/24 any 2 udp prefix 10.0.25.0/24 any match-list SubNet26-NIR6 1 tcp prefix 10.0.26.0/24 any 2 udp prefix 10.0.26.0/24 any match-list SubNet27-Training 1 tcp prefix 10.0.27.0/24 any 2 udp prefix 10.0.27.0/24 any match-list SubNet31-Floor3 1 tcp prefix 10.0.31.0/24 any 2 udp prefix 10.0.31.0/24 any ! ! ! Filter Policy configuration ! ip filter untrust-traffic 10 match any icmp-in-packages permit 30 match any Internet-access permit 40 match any trust-DMZ-access permit 50 match any trust-manage permit 60 match any Untrust-DMZ-or-Trust-access permit 100 match any icmp-out-packages permit 120 match any Forward-to-IP-26 deny 130 match any Forward-to-IP-27 deny 140 match any Forward-to-IP-28 permit 150 match any Forward-to-IP-29 deny 160 match any Forward-to-IP-30 deny 170 match any Forward-to-IP-42 deny 180 match any Forward-to-IP-43 deny 190 match any Forward-to-IP-44 deny 200 match any Forward-to-IP-45 deny 210 match any Forward-to-IP-46 deny default deny top ! interface Vlan100 ip filter in untrust-traffic top ! interface GigabitEthernet3/0 ip filter in untrust-traffic top ! ip filter out-untrust 10 match any icmp-out-packages permit 20 match any Local-query-DNS permit 30 match any Internet-access permit 40 match any untrust-DMZ-access permit 50 match any Trust-or-DMZ-Untrust-access permit default deny top ! interface GigabitEthernet3/0 ip filter out out-untrust top ! ip filter in-untrust 10 match any Internet-Trust permit 20 match any trust-manage permit 30 match any icmp-in-packages permit default deny top ! interface Vlan100 ip filter out in-untrust top ! ! ! ! Dialer list configuration ! ! ! ! NAT Policy configuration ! ip nat Corporate-source-nat 10 match any Source-NAT source-nat top ! interface GigabitEthernet3/0 ip nat out Corporate-source-nat top ! ip nat DMZ-Destination-Nat 20 match any Internet-server-IP-28-access destination-nat host 10.0.21.155 top ! interface GigabitEthernet3/0 ip nat in DMZ-Destination-Nat top ! ! ! ! ! ! Firewall configuration ! ! ! IPSEC Policy configuration ! ! ! !QoS Configuration ! class-map priority-traffic match-any 1 match any icmp-traffic class-map Class-SubNet20 match-any 1 match all SubNet20-NIR1-2 class-map Class-SubNet21 match-any 1 match all SubNet21-Main class-map Class-SubNet23 match-any 1 match all SubNet23-NIR3 class-map Class-SubNet24 match-any 1 match all SubNet24-NIR4 class-map Class-SubNet25 match-any 1 match all SubNet25-NIR5 class-map Class-SubNet26 match-any 1 match all SubNet26-NIR6 class-map Class-SubNet27 match-any 1 match all SubNet27-Training class-map Class-SubNet31 match-any 1 match all SubNet31-Floor3 ! policy-map flow-policy policy-map Internet-Quote ! policy-map flow-policy 10 class priority-traffic priority 65535 class class-default policy-map Internet-Quote 10 class Class-SubNet21 bandwidth percent 5 65535 class class-default interface GigabitEthernet3/0 service-policy in Internet-Quote top ! ! !Customized-Services ! ! ! ! ! top ! ! ! ! ! DHCP Server Configuration ! ! ! ! ASE Configuration ! ase top ! ! end |