
The configuration is as follows:

pix(config)# sho ve

Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(4)

Compiled on Fri 02-Jul-04 00:07 by morlee

pix up 4 days 15 hours
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: ethernet0: address is 0018.4710.508f, irq 10
1: ethernet1: address is 0018.4710.508e, irq 11
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 6
Maximum Interfaces: 10
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has an Unrestricted (UR) license.
Serial Number: 809302119 (0x303cf867)
Running Activation Key: 0xa439af0b 0x395b320b 0xaca264a9 0x6f868595
Configuration last modified by enable_15 at 07:50:52.848 UTC Sun May 6 2012

pix(config)# sho run
: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix
domain-name cisco
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
logging on
logging facility 23
logging host inside 192.168.3.201
mtu outside 1500
mtu inside 1500
ip address outside 218.56.99.2 255.255.255.248
ip address inside 192.168.2.249 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm history enable
arp outside 192.168.3.4 0010.dcce.ef3f alias
arp inside 192.168.3.8 0050.baf4.9c6e alias
arp inside 192.168.3.4 0010.dcce.ef3f alias
arp timeout 4
global (outside) 1 218.56.99.3
nat (inside) 1 192.168.3.6 255.255.255.255 0 0
nat (inside) 1 192.168.3.22 255.255.255.255 0 0
nat (inside) 1 192.168.3.143 255.255.255.255 0 0
nat (inside) 1 192.168.3.150 255.255.255.255 0 0
nat (inside) 1 192.168.5.0 255.255.255.0 0 0
nat (inside) 1 192.168.8.0 255.255.255.0 0 0
nat (inside) 1 192.168.9.0 255.255.255.0 0 0
static (inside,outside) 218.56.99.5 192.168.5.4 netmask 255.255.255.255 0 0
static (inside,outside) 218.56.99.6 192.168.5.240 netmask 255.255.255.255 0 0
conduit permit icmp any any
conduit permit tcp any any
conduit permit udp any any
outbound 2 permit 0.0.0.0 0.0.0.0 441-450 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 802 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 1040 udp
outbound 2 permit 0.0.0.0 0.0.0.0 1056 udp
outbound 2 permit 0.0.0.0 0.0.0.0 1433 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 1433 udp
outbound 2 permit 0.0.0.0 0.0.0.0 1587 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 2000-2020 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 3000-3070 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 3080-3300 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 3724 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 3730-3780 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 4433 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 4447 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 4448 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 6000-6030 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 7000 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 7001 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 7708-7711 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8000 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8002 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8080 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8081 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8082 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8083 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8088 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8405 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8410 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8601 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 9080 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 9902 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 9902 udp
outbound 2 permit 0.0.0.0 0.0.0.0 14034 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 22223 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 51088 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 58703 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 58703 udp
outbound 2 permit 0.0.0.0 0.0.0.0 60001 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 3389 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 2099 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 2410 udp
outbound 2 permit 0.0.0.0 0.0.0.0 8383 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8821 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8821 udp
outbound 2 permit 0.0.0.0 0.0.0.0 3389 udp
outbound 2 permit 0.0.0.0 0.0.0.0 8089 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 8089 udp
outbound 2 permit 0.0.0.0 0.0.0.0 4370 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 51573 tcp
outbound 2 deny 0.0.0.0 0.0.0.0 3000-65535 tcp
outbound 2 permit 0.0.0.0 0.0.0.0 27010-27025 udp
apply (inside) 2 outgoing_src
apply (inside) 2 outgoing_dest
rip outside passive version 1
rip inside default version 1
route outside 0.0.0.0 0.0.0.0 218.56.99.1 1
route inside 192.168.3.0 255.255.255.0 192.168.2.254 1
route inside 192.168.5.0 255.255.255.0 192.168.2.254 1
route inside 192.168.8.0 255.255.255.0 192.168.2.254 1
route inside 192.168.9.0 255.255.255.0 192.168.2.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.2.249 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.3.0 255.255.255.0 inside
telnet 192.168.5.0 255.255.255.0 inside
telnet 192.168.8.0 255.255.255.0 inside
telnet 192.168.9.0 255.255.255.0 inside
telnet timeout 15
ssh timeout 5
console timeout 0
username test password P4ttSyrm33SV8TYp encrypted privilege 15
terminal width 80
Cryptochecksum:5609d67bfcf32c90ff81e05f7fc1e694
: end

Could one of the experts here explain this in detail?