
I'm new to this field; experts, please advise:

PIX firewall: E0 (outside) is connected to the external fiber link, and E1 (inside) is connected to one internal PC, 192.168.81.57.
The configuration is as follows:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX515
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 110.86.8.234 255.255.255.248
ip address inside 192.168.81.5 255.255.255.0
no ip address intf2
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address intf2
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 110.86.8.233 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

NAT is not working (the internal PC cannot reach the external network). Experts, please advise.