Specifications
Appendix B: Network IP Topology
Non-NATed DMZ Configuration
Page B-34 Mitel® 5000 Installation Manual – Issue 3.0, October 2008
Each VLAN acts as a port on the router with its own IP address. Access policies are
applied to each interface. The access policies are defined further below.
interface vlan 1
  ip address 192.168.1.1 255.255.255.0
  access-policy Private
  no shutdown
interface vlan 2
  ip address 208.132.23.64 255.255.255.192
  no shutdown
!
• In this example, the router connects to the Internet over a T1. Set up the IP address and
apply the access policy (defined further below).
interface t1 1/1
  clock source line
  tdm-group 1 timeslots 1-24 speed 64
  ip address 208.13.17.33 255.255.255.252
  access-policy Public
  no shutdown
• The following commands define access lists for the different traffic types. Defining the lists
does not have any effect until they are applied to the interfaces.
ip access-list extended web
  permit ip any any
ip access-list extended Voice
  permit udp any host 208.132.23.66 range 6004 6247 log
ip access-list extended ITP
  permit tcp any host 208.132.23.66 eq 5566 log
  permit udp any host 208.132.23.66 eq 5567 log
ip access-list extended InterTelNetworking
  permit tcp any host 208.132.23.66 eq 5570 log
• The following commands define the policies for the different interfaces. Each policy can
specify more than one access list. In the Public policy-class, allow the voice ports, the ITP
(endpoint) ports, and the Networking ports.
ip policy-class DMZ
  allow list web
!
ip policy-class Private
  allow list self self
  allow list wizard-ics
!
ip policy-class Public
  allow list Voice
  allow list ITP
  allow list InterTelNetworking
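The following Python script is an added example, not part of the manual or of the router's own tooling. It resolves each interface in the configuration above to its policy class and the permit rules reachable through it, so the filtering actually attached to each interface can be reviewed; the function names parse and exposure are hypothetical, and the input is a constructed copy of this section's commands.

```python
import re
# Constructed input: this section's commands, minus addressing, clocking and "no shutdown".
CONFIG = """\
interface vlan 1
 access-policy Private
interface vlan 2
interface t1 1/1
 access-policy Public
ip access-list extended web
 permit ip any any
ip access-list extended Voice
 permit udp any host 208.132.23.66 range 6004 6247 log
ip access-list extended ITP
 permit tcp any host 208.132.23.66 eq 5566 log
 permit udp any host 208.132.23.66 eq 5567 log
ip access-list extended InterTelNetworking
 permit tcp any host 208.132.23.66 eq 5570 log
ip policy-class DMZ
 allow list web
ip policy-class Private
 allow list self self
 allow list wizard-ics
ip policy-class Public
 allow list Voice
 allow list ITP
 allow list InterTelNetworking
"""

def parse(text):
    """Return {kind: {name: [sub-commands]}} for the three section kinds below."""
    cfg, body = {"interface": {}, "ip access-list extended": {}, "ip policy-class": {}}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(%s) (.+)" % "|".join(cfg), line)
        if m:  # a section header starts a new body
            body = cfg[m[1]].setdefault(m[2], [])
        elif body is not None and line not in ("", "!"):
            body.append(line)
    return cfg

def exposure(text):
    """Map each interface to (policy, permit rules reachable through that policy)."""
    cfg, result = parse(text), {}
    for name, body in cfg["interface"].items():
        policy = next((b.split()[1] for b in body if b.startswith("access-policy")), None)
        rules = []
        for acl in (a.split()[2] for a in cfg["ip policy-class"].get(policy, [])):
            rules += cfg["ip access-list extended"].get(acl, [f"UNDEFINED list {acl}"])
        result[name] = (policy, rules)
    return result
```

Run against this excerpt, the result lists the four permit rules reachable through the Public policy on t1 1/1 and shows vlan 2 with no access-policy line, so the DMZ policy class is defined here but not attached to an interface. The Private policy references the lists self and wizard-ics, which are not defined on this page and are reported as UNDEFINED.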










