;
;  This is automatically generated file. DO NOT MODIFY !
;
;  Firewall Builder  fwb_procurve_acl v4.2.0.3499
;
;  Generated Fri Mar 11 12:20:05 2011 PST by vadim
;
; Compiled for procurve_acl K.13
;
;# files: * testhp1.fw
;



;
; Prolog script:
;

;
; End of prolog script:
;



interface a1
  no ip access-group a1_in in
exit
no ip access-list extended a1_in

interface a1
  no ip access-group a1_out out
exit
no ip access-list extended a1_out

interface a2
  no ip access-group a2_in in
exit
no ip access-list extended a2_in

interface a2
  no ip access-group a2_out out
exit
no ip access-list extended a2_out

interface b1
  no ip access-group b1_in in
exit
no ip access-list extended b1_in

interface b1
  no ip access-group b1_out out
exit
no ip access-list extended b1_out

interface b2
  no ip access-group b2_in in
exit
no ip access-list extended b2_in

interface b2
  no ip access-group b2_out out
exit
no ip access-list extended b2_out

no vlan 10 ip access-group vlan_10_in in
no ip access-list extended vlan_10_in

no vlan 10 ip access-group vlan_10_out out
no ip access-list extended vlan_10_out

no vlan 20 ip access-group vlan_20_in in
no ip access-list extended vlan_20_in

no vlan 20 ip access-group vlan_20_out out
no ip access-list extended vlan_20_out

no vlan 401 ip access-group vlan_401_in in
no ip access-list extended vlan_401_in

no vlan 401 ip access-group vlan_401_out out
no ip access-list extended vlan_401_out

no vlan 402 ip access-group vlan_402_in in
no ip access-list extended vlan_402_in

no vlan 402 ip access-group vlan_402_out out
no ip access-list extended vlan_402_out

no vlan 40 ip access-group vlan_40_in in
no ip access-list extended vlan_40_in

no vlan 40 ip access-group vlan_40_out out
no ip access-list extended vlan_40_out

; ================ IPv4


ip access-list extended a1_in
; 
; Rule  -1 backup ssh access rule (automatic)
  permit tcp  host 10.10.11.10 host 10.10.10.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.11.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.12.1 eq 22 
; 
; Rule  1 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  6 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  9 (global)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  12 (global)
; interface ethernet1 has address on network 10.10.10.0/24,
; therefore net-10.10.10 is behind the router and we do
; not need to put rules 12-18 in outbound acl of eth0
  permit 47  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 51  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
; 
; Rule  13 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 
; 
; Rule  14 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 
; 
; Rule  15 (global)
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 
; 
; Rule  16 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established 
; 
; Rule  17 (global)
  permit tcp  22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established 
; 
; Rule  18 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 
; 
; Rule  19 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  20 (global)
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  21 (a1)
  permit ip  any  10.10.10.0 0.0.0.255 
; 
; Rule  22 (a1,a2)
  permit ip  any  10.10.10.0 0.0.0.255 
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended a1_out
; 
; Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  host 10.10.10.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.11.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.12.1 eq 22 host 10.10.11.10 
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended a2_in
; 
; Rule  -1 backup ssh access rule (automatic)
  permit tcp  host 10.10.11.10 host 10.10.10.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.11.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.12.1 eq 22 
; 
; Rule  1 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  6 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  9 (global)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  12 (global)
; interface ethernet1 has address on network 10.10.10.0/24,
; therefore net-10.10.10 is behind the router and we do
; not need to put rules 12-18 in outbound acl of eth0
  permit 47  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 51  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
; 
; Rule  13 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 
; 
; Rule  14 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 
; 
; Rule  15 (global)
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 
; 
; Rule  16 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established 
; 
; Rule  17 (global)
  permit tcp  22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established 
; 
; Rule  18 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 
; 
; Rule  19 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  20 (global)
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  22 (a1,a2)
  permit ip  any  10.10.10.0 0.0.0.255 
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended a2_out
; 
; Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  host 10.10.10.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.11.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.12.1 eq 22 host 10.10.11.10 
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended b1_in
; 
; Rule  -1 backup ssh access rule (automatic)
  permit tcp  host 10.10.11.10 host 10.10.10.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.11.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.12.1 eq 22 
; 
; Rule  1 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  6 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  9 (global)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  12 (global)
; interface ethernet1 has address on network 10.10.10.0/24,
; therefore net-10.10.10 is behind the router and we do
; not need to put rules 12-18 in outbound acl of eth0
  permit 47  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 51  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
; 
; Rule  13 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 
; 
; Rule  14 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 
; 
; Rule  15 (global)
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 
; 
; Rule  16 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established 
; 
; Rule  17 (global)
  permit tcp  22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established 
; 
; Rule  18 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 
; 
; Rule  19 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  20 (global)
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended b1_out
; 
; Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  host 10.10.10.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.11.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.12.1 eq 22 host 10.10.11.10 
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended b2_in
; 
; Rule  -1 backup ssh access rule (automatic)
  permit tcp  host 10.10.11.10 host 10.10.10.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.11.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.12.1 eq 22 
; 
; Rule  1 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  6 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  9 (global)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  12 (global)
; interface ethernet1 has address on network 10.10.10.0/24,
; therefore net-10.10.10 is behind the router and we do
; not need to put rules 12-18 in outbound acl of eth0
  permit 47  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 51  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
; 
; Rule  13 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 
; 
; Rule  14 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 
; 
; Rule  15 (global)
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 
; 
; Rule  16 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established 
; 
; Rule  17 (global)
  permit tcp  22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established 
; 
; Rule  18 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 
; 
; Rule  19 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  20 (global)
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended b2_out
; 
; Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  host 10.10.10.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.11.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.12.1 eq 22 host 10.10.11.10 
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended vlan_10_in
; 
; Rule  -1 backup ssh access rule (automatic)
  permit tcp  host 10.10.11.10 host 10.10.10.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.11.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.12.1 eq 22 
; 
; Rule  0 (vlan 10)
; anti-spoofing
  deny   ip  10.10.10.0 0.0.0.255 any  log 
  deny   ip  10.10.11.0 0.0.0.255 any  log 
  deny   ip  10.10.12.0 0.0.0.255 any  log 
; 
; Rule  1 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  2 (vlan 20,vlan 10)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  3 (testhp1 itf)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  4 (vlan 10)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  6 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  7 (vlan 10)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  9 (global)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  10 (vlan 10)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  12 (global)
; interface ethernet1 has address on network 10.10.10.0/24,
; therefore net-10.10.10 is behind the router and we do
; not need to put rules 12-18 in outbound acl of eth0
  permit 47  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 51  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
; 
; Rule  13 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 
; 
; Rule  14 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 
; 
; Rule  15 (global)
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 
; 
; Rule  16 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established 
; 
; Rule  17 (global)
  permit tcp  22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established 
; 
; Rule  18 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 
; 
; Rule  19 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  20 (global)
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended vlan_10_out
; 
; Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  host 10.10.10.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.11.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.12.1 eq 22 host 10.10.11.10 
; 
; Rule  2 (vlan 20,vlan 10)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  3 (testhp1 itf)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  4 (vlan 10)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  10 (vlan 10)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended vlan_20_in
; 
; Rule  -1 backup ssh access rule (automatic)
  permit tcp  host 10.10.11.10 host 10.10.10.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.11.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.12.1 eq 22 
; 
; Rule  1 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  2 (vlan 20,vlan 10)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  3 (testhp1 itf)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  5 (vlan 20)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  6 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  8 (vlan 20)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  9 (global)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  11 (vlan 20)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  12 (global)
; interface ethernet1 has address on network 10.10.10.0/24,
; therefore net-10.10.10 is behind the router and we do
; not need to put rules 12-18 in outbound acl of eth0
  permit 47  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 51  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
; 
; Rule  13 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 
; 
; Rule  14 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 
; 
; Rule  15 (global)
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 
; 
; Rule  16 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established 
; 
; Rule  17 (global)
  permit tcp  22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established 
; 
; Rule  18 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 
; 
; Rule  19 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  20 (global)
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended vlan_20_out
; 
; Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  host 10.10.10.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.11.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.12.1 eq 22 host 10.10.11.10 
; 
; Rule  2 (vlan 20,vlan 10)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  3 (testhp1 itf)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  5 (vlan 20)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  11 (vlan 20)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended vlan_401_in
; 
; Rule  -1 backup ssh access rule (automatic)
  permit tcp  host 10.10.11.10 host 10.10.10.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.11.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.12.1 eq 22 
; 
; Rule  1 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  6 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  9 (global)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  12 (global)
; interface ethernet1 has address on network 10.10.10.0/24,
; therefore net-10.10.10 is behind the router and we do
; not need to put rules 12-18 in outbound acl of eth0
  permit 47  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 51  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
; 
; Rule  13 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 
; 
; Rule  14 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 
; 
; Rule  15 (global)
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 
; 
; Rule  16 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established 
; 
; Rule  17 (global)
  permit tcp  22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established 
; 
; Rule  18 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 
; 
; Rule  19 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  20 (global)
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended vlan_401_out
; 
; Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  host 10.10.10.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.11.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.12.1 eq 22 host 10.10.11.10 
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended vlan_402_in
; 
; Rule  -1 backup ssh access rule (automatic)
  permit tcp  host 10.10.11.10 host 10.10.10.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.11.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.12.1 eq 22 
; 
; Rule  1 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  6 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  9 (global)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  12 (global)
; interface ethernet1 has address on network 10.10.10.0/24,
; therefore net-10.10.10 is behind the router and we do
; not need to put rules 12-18 in outbound acl of eth0
  permit 47  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 51  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
; 
; Rule  13 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 
; 
; Rule  14 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 
; 
; Rule  15 (global)
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 
; 
; Rule  16 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established 
; 
; Rule  17 (global)
  permit tcp  22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established 
; 
; Rule  18 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 
; 
; Rule  19 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  20 (global)
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended vlan_402_out
; 
; Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  host 10.10.10.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.11.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.12.1 eq 22 host 10.10.11.10 
; 
; Rule  1 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  9 (global)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  12 (global)
; interface ethernet1 has address on network 10.10.10.0/24,
; therefore net-10.10.10 is behind the router and we do
; not need to put rules 12-18 in outbound acl of eth0
  permit 47  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 51  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
; 
; Rule  13 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 
; 
; Rule  14 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 
; 
; Rule  15 (global)
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 
; 
; Rule  16 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established 
; 
; Rule  17 (global)
  permit tcp  22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established 
; 
; Rule  18 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 
; 
; Rule  19 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  20 (global)
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended vlan_40_in
; 
; Rule  -1 backup ssh access rule (automatic)
  permit tcp  host 10.10.11.10 host 10.10.10.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.11.1 eq 22 
  permit tcp  host 10.10.11.10 host 10.10.12.1 eq 22 
; 
; Rule  1 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  6 (global)
  permit ip  any  10.10.10.0 0.0.0.255 
  permit ip  any  10.10.11.0 0.0.0.255 
  permit ip  any  10.10.12.0 0.0.0.255 
; 
; Rule  9 (global)
  permit ip  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.21.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.22.0 0.0.0.255 10.10.12.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.11.0 0.0.0.255 
  permit ip  22.22.23.0 0.0.0.255 10.10.12.0 0.0.0.255 
; 
; Rule  12 (global)
; interface ethernet1 has address on network 10.10.10.0/24,
; therefore net-10.10.10 is behind the router and we do
; not need to put rules 12-18 in outbound acl of eth0
  permit 47  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
  permit 51  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 
; 
; Rule  13 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 3 
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 11 
; 
; Rule  14 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 21 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 
; 
; Rule  15 (global)
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 4000 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 500 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 53 
; 
; Rule  16 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 established 
; 
; Rule  17 (global)
  permit tcp  22.22.21.0 0.0.0.255 eq 80 10.10.10.0 0.0.0.255 established 
; 
; Rule  18 (global)
  permit icmp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 0 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 179 
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 79 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 123 
  permit udp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 26000 
; 
; Rule  19 (global)
  permit tcp  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  20 (global)
  permit 50  22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255  
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit

ip access-list extended vlan_40_out
; 
; Rule  -2 backup ssh access rule (out) (automatic)
  permit tcp  host 10.10.10.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.11.1 eq 22 host 10.10.11.10 
  permit tcp  host 10.10.12.1 eq 22 host 10.10.11.10 
; 
; Rule  23 (global)
  deny   ip  any  any  log 
exit


interface a1
  ip access-group a1_in in
exit
interface a1
  ip access-group a1_out out
exit
interface a2
  ip access-group a2_in in
exit
interface a2
  ip access-group a2_out out
exit
interface b1
  ip access-group b1_in in
exit
interface b1
  ip access-group b1_out out
exit
interface b2
  ip access-group b2_in in
exit
interface b2
  ip access-group b2_out out
exit
vlan 10 ip access-group vlan_10_in in
vlan 10 ip access-group vlan_10_out out
vlan 20 ip access-group vlan_20_in in
vlan 20 ip access-group vlan_20_out out
vlan 401 ip access-group vlan_401_in in
vlan 401 ip access-group vlan_401_out out
vlan 402 ip access-group vlan_402_in in
vlan 402 ip access-group vlan_402_out out
vlan 40 ip access-group vlan_40_in in
vlan 40 ip access-group vlan_40_out out





;
; Epilog script:
;

; End of epilog script:
;