! Generated by Network Security Policy Compiler, version 2.453

! [ BEGIN router:small ]
! [ Model = IOS_FW ]
! [ IP = 10.10.1.4 ]
! [ Routing ]
! Routing OSPF at interface:small.small_customer_trans1
! Routing OSPF at interface:small.small_customer_trans2
! route network:management -> interface:mngt.service_lan
ip route 10.1.11.0 255.255.255.0 10.10.1.6
! route network:web_servers -> interface:protect_web.service_lan
ip route 10.20.1.0 255.255.255.0 10.10.1.5
! [ ACL ]
! interface:small.small_customer_trans1
ip access-list extended Serial0_in
! permit src=network:0/0; dst=interface:small.small_customer_trans1; srv=service:ping;
 permit icmp any host 172.17.1.1 8
! permit src=network:0/0; dst=interface:small.small_customer_trans1; srv=service:pong;
 permit icmp any host 172.17.1.1 0
! permit src=network:0/0; dst=interface:small.small_customer_trans2; srv=service:ping;
 permit icmp any host 172.17.1.5 8
! permit src=network:0/0; dst=interface:small.small_customer_trans2; srv=service:pong;
 permit icmp any host 172.17.1.5 0
! permit src=network:small_customer_trans1; dst=auto_network:OSPF_multicast5; srv=auto_srv:OSPF;
 permit 89 172.17.1.0 0.0.0.3 host 224.0.0.5
! permit src=network:small_customer_trans1; dst=auto_network:OSPF_multicast6; srv=auto_srv:OSPF;
 permit 89 172.17.1.0 0.0.0.3 host 224.0.0.6
! permit src=network:small_customer_trans1; dst=network:small_customer_trans1; srv=auto_srv:OSPF;
 permit 89 172.17.1.0 0.0.0.3 172.17.1.0 0.0.0.3
! permit src=host:pamela; dst=host:extranet; srv=service:http;
 permit tcp host 125.1.2.33 10.20.1.12 0.0.0.3 eq 80
! permit src=host:pamela; dst=host:extranet; srv=service:http;
 permit tcp host 125.1.2.33 10.20.1.16 0.0.0.3 eq 80
! permit src=host:pamela; dst=host:extranet; srv=service:http;
 permit tcp host 125.1.2.33 10.20.1.10 0.0.0.1 eq 80
! permit src=network:small_customer_trans1; dst=network:management; srv=auto_srv:ip;
 permit ip 172.17.1.0 0.0.0.3 10.1.11.0 0.0.0.255
! permit src=network:small_customer_trans2; dst=network:management; srv=auto_srv:ip;
 permit ip 172.17.1.4 0.0.0.3 10.1.11.0 0.0.0.255
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
 deny ip any any

! interface:small.small_customer_trans2
ip access-list extended Serial1_in
! permit src=network:0/0; dst=interface:small.small_customer_trans1; srv=service:ping;
 permit icmp any host 172.17.1.1 8
! permit src=network:0/0; dst=interface:small.small_customer_trans1; srv=service:pong;
 permit icmp any host 172.17.1.1 0
! permit src=network:0/0; dst=interface:small.small_customer_trans2; srv=service:ping;
 permit icmp any host 172.17.1.5 8
! permit src=network:0/0; dst=interface:small.small_customer_trans2; srv=service:pong;
 permit icmp any host 172.17.1.5 0
! permit src=network:small_customer_trans2; dst=auto_network:OSPF_multicast5; srv=auto_srv:OSPF;
 permit 89 172.17.1.4 0.0.0.3 host 224.0.0.5
! permit src=network:small_customer_trans2; dst=auto_network:OSPF_multicast6; srv=auto_srv:OSPF;
 permit 89 172.17.1.4 0.0.0.3 host 224.0.0.6
! permit src=network:small_customer_trans2; dst=network:small_customer_trans2; srv=auto_srv:OSPF;
 permit 89 172.17.1.4 0.0.0.3 172.17.1.4 0.0.0.3
! permit src=host:pamela; dst=host:extranet; srv=service:http;
 permit tcp host 125.1.2.33 10.20.1.12 0.0.0.3 eq 80
! permit src=host:pamela; dst=host:extranet; srv=service:http;
 permit tcp host 125.1.2.33 10.20.1.16 0.0.0.3 eq 80
! permit src=host:pamela; dst=host:extranet; srv=service:http;
 permit tcp host 125.1.2.33 10.20.1.10 0.0.0.1 eq 80
! permit src=network:small_customer_trans1; dst=network:management; srv=auto_srv:ip;
 permit ip 172.17.1.0 0.0.0.3 10.1.11.0 0.0.0.255
! permit src=network:small_customer_trans2; dst=network:management; srv=auto_srv:ip;
 permit ip 172.17.1.4 0.0.0.3 10.1.11.0 0.0.0.255
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
 deny ip any any

! interface:small.service_lan
ip access-list extended FastEthernet0_in
! permit src=network:0/0; dst=interface:small.service_lan; srv=service:ping;
 permit icmp any host 10.10.1.4 8
! permit src=network:0/0; dst=interface:small.service_lan; srv=service:pong;
 permit icmp any host 10.10.1.4 0
! permit src=network:management; dst=interface:small.service_lan; srv=auto_srv:ip;
 permit ip 10.1.11.0 0.0.0.255 host 10.10.1.4
! deny src=network:0/0; dst=interface:small.small_customer_trans1; srv=auto_srv:ip;
 deny ip any host 172.17.1.1
! deny src=network:0/0; dst=interface:small.small_customer_trans2; srv=auto_srv:ip;
 deny ip any host 172.17.1.5
! permit src=network:management; dst=network:small_customer_trans1; srv=auto_srv:ip;
 permit ip 10.1.11.0 0.0.0.255 172.17.1.0 0.0.0.3
! permit src=network:management; dst=network:small_customer_trans2; srv=auto_srv:ip;
 permit ip 10.1.11.0 0.0.0.255 172.17.1.4 0.0.0.3
! deny src=network:0/0; dst=network:0/0; srv=auto_srv:ip;
 deny ip any any

interface Serial0
 ip access-group Serial0_in in
interface Serial1
 ip access-group Serial1_in in
interface FastEthernet0
 ip access-group FastEthernet0_in in

! [ END router:small ]

