cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
701
Views
0
Helpful
5
Replies

Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & ACNS on 3661

poh
Level 1
Level 1

I've been looking over the CCO docs, but can't find one that has sample configs for using a 3661 router containing content engine module, smartfilter, & ACNS. Topology is basically the following...

(PC's)----(LAN Switch)-----(3661 w/content engine module)----(PIX)---(internet)

I don't want to creat a new IP subnet for the 3 interfaces within the content engine module/router. I want to use the IP's from the current LAN IP Block.

Any advice appreciated.

5 Replies 5

didyap
Level 6
Level 6

Check this URL for details on Content filtering with PIX and CE with Smart filter. http://www.securecomputing.com/index.cfm?sKey=1152

thanks...already read through that one along with others at that site

Also interested to know more about these NM's in 3600s. I'm completey green on Cisco CE technology/software but have a basic grasp on wccp concept. I guess these NM-CEs run an OS (BSD?); what is the maintenance overhead, easy to configure? etc. etc.

What would be nice would be for someone who's done this before to kindly do a quick pros & cons table.

TIA!

scurry
Level 1
Level 1

I thought this might help.

Easy NM-CE Configuration Guide!

Router IOS:c3725-ik9o3s-mz.122-15.T2

Content Engine Software: ACNS 5.0.3.5

Configure basic router configuration as normal.

Set the IP addresses for the Service Module (Content-Engine) using these commands:

interface Content-Engine2/0

ip address 10.1.1.1 255.255.255.0

ip nat inside

service-module external ip address 10.0.0.1 255.255.255.0

service-module ip address 10.1.1.2 255.255.255.0

service-module ip default-gateway 10.1.1.1

!

Complete Config Example (DHCP and NAT for Lab):

urrent configuration : 2440 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname lab3745_NM-CE

!

logging queue-limit 100

enable password cisco

!

ip subnet-zero

ip wccp web-cache

!

!

!

ip dhcp pool NM-ESW-16-POOL

network 10.1.2.0 255.255.255.0

domain-name cisco.com

default-router 10.1.2.1

dns-server 171.68.226.120 171.70.168.183

lease 7

!

ip audit notify log

ip audit po max-events 100

!

!

!

!

!

!

!

!

!

!

!

!

no voice hpi capture buffer

no voice hpi capture destination

!

!

mta receive maximum-recipients 0

!

!

!

!

interface FastEthernet0/0

ip address 172.16.12.108 255.255.255.0

ip wccp web-cache redirect out

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet1/0

no ip address

!

interface FastEthernet1/1

no ip address

!

interface FastEthernet1/2

no ip address

!

interface FastEthernet1/3

no ip address

!

interface FastEthernet1/4

no ip address

!

interface FastEthernet1/5

no ip address

!

interface FastEthernet1/6

no ip address

!

interface FastEthernet1/7

no ip address

!

interface FastEthernet1/8

no ip address

!

interface FastEthernet1/9

no ip address

!

interface FastEthernet1/10

no ip address

!

interface FastEthernet1/11

no ip address

!

interface FastEthernet1/12

no ip address

!

interface FastEthernet1/13

no ip address

!

interface FastEthernet1/14

no ip address

!

interface FastEthernet1/15

no ip address

!

interface Content-Engine2/0

ip address 10.1.1.1 255.255.255.0

ip nat inside

service-module external ip address 10.0.0.1 255.255.255.0

service-module ip address 10.1.1.2 255.255.255.0

service-module ip default-gateway 10.1.1.1

!

interface Vlan1

ip address 10.1.2.1 255.255.255.0

ip nat inside

!

ip local pool NM-ESW-16-POOL 10.1.2.2 10.1.2.254

ip nat pool TEST-NAT-POOL 172.16.12.108 172.16.12.108 prefix-length 24

ip nat inside source list 7 pool TEST-NAT-POOL overload

ip http server

no ip http secure-server

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.12.254

!

!

!

access-list 7 permit 10.1.2.0 0.0.0.255

access-list 7 permit 10.1.1.0 0.0.0.255

access-list 7 permit 10.0.0.0 0.0.0.255

!

!

call rsvp-sync

!

!

mgcp profile default

!

!

!

dial-peer cor custom

!

!

!

!

!

line con 0

speed 115200

line 65

flush-at-activation

no activation-character

no exec

transport input all

line aux 0

line vty 0 4

password cisco

login

!

end

reset service-module 2 to reboot the Content-Engine:

service-module content-Engine 2/0 reload

Within 30 Seconds Session from the Router to the Service Module:

service-module content-engine session

Enter Basic Configuration for Network Module:

Password, etc…

Configure The service Modeule using the command line interface:

hostname NM-CE-BP

!

!

!

!

!

!

ip domain-name CISCO.COM

!

!

!

!

interface FastEthernet 0/0

ip address 10.0.0.1 255.255.255.0

exit

interface FastEthernet 0/1

ip address 10.1.1.2 255.255.255.0

exit

!

!

ip default-gateway 10.1.1.1

!

primary-interface FastEthernet 0/1

!

!

!

!

!

ip name-server 172.72.1.1

!

!

!

!

!

!

!

!

!

wccp router-list 1 172.16.12.108

wccp web-cache router-list-num 1

wccp version 2

!

!

!

!

!

!

username xxx password xxxx

username xxxx privilege 15

!

!

!

!

authentication login local enable primary

authentication configuration local enable primary

!

!

!

!

!

!

NM-CE-BP#exit

You can use the command line interface to show statics from the Content Engine by using the show statistics screen command or use your web browers for a more graphical report.

thanks. the configs help a lot

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: