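With a few changes to the existing router's settings and some modifications to this config, it looks like it could be used for a barrier segment (lol)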
security class 1 on on
ip routing on
ip route default gateway 192.168.0.254
ip filter source-route on
ip filter directed-broadcast on
lan type lan1 auto auto-crossover=off
ip lan1 address 172.25.21.254/16
lan type lan2 auto auto-crossover=off
ip lan2 address 192.168.0.1/24
ip lan2 secure filter in 11 12 21 22 2000
ip lan2 secure filter out 1 2 3 4 5 6 3000 dynamic 101 102 103 104 105 106 107
ip lan2 nat descriptor 2
lan type lan3 auto auto-crossover=off
ip lan3 address 192.168.101.1/24
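# Static filters 1-6 (used in lan2 out): reject MS-RPC (135), NetBIOS (netbios_ns-netbios_ssn) and SMB (445), matched on source or destination port
ip filter 1 reject * * udp,tcp 135 *
ip filter 2 reject * * udp,tcp * 135
ip filter 3 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter 4 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter 5 reject * * udp,tcp 445 *
ip filter 6 reject * * udp,tcp * 445
# Static filters 11-12 (used in lan2 in): reject packets whose source address is in the lan3 or lan1 range
ip filter 11 reject 192.168.101.0/24 *
ip filter 12 reject 172.25.0.0/16 *
# Static filters 21-22 (used in lan2 in): pass ICMP addressed to the lan3 or lan1 range
ip filter 21 pass * 192.168.101.0/24 icmp
ip filter 22 pass * 172.25.0.0/16 icmp
# 2000: reject everything else (last entry of lan2 in); 3000: pass everything else (last static entry of lan2 out)
ip filter 2000 reject * *
ip filter 3000 pass * *
# Dynamic filters 101-107 (listed after "dynamic" in lan2 out): track outbound sessions so their return traffic is passed
ip filter dynamic 101 * * ftp
ip filter dynamic 102 * * www
ip filter dynamic 103 * * domain
ip filter dynamic 104 * * smtp
ip filter dynamic 105 * * pop3
ip filter dynamic 106 * * tcp
ip filter dynamic 107 * * udp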
nat descriptor type 2 masquerade
nat descriptor address outer 2 primary
nat descriptor address inner 2 auto
nat descriptor masquerade incoming 2 reject
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 172.25.1.1-172.25.1.100/16
dhcp scope 2 192.168.101.1-192.168.101.100/24
dns service recursive
dns server 192.168.0.254
schedule at 1 */Sun 00:11 * ntpdate ntp.nict.jp syslog
