
This is my PIX configuration:
PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password oQNkss9XSnAplJ.R encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname csp-pix-1
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit ip host 192.168.2.1 host 10.10.2.232
access-list 101 permit ip host 192.168.2.1 host 10.10.50.226
access-list 101 permit ip host 10.10.50.226 host 192.168.2.1
access-list 101 permit ip host 10.10.2.232 host 192.168.2.1
access-list 101 permit ip host 192.168.3.5 host 10.10.2.232
access-list 101 permit ip host 192.168.3.5 host 10.10.50.226
access-list 101 permit ip host 10.10.50.226 host 192.168.3.5
access-list 101 permit ip host 10.10.2.232 host 192.168.3.5
access-list 101 permit ip host 192.168.2.3 host 10.10.50.226
access-list 101 permit ip host 192.168.2.3 host 10.10.2.232
access-list 101 permit ip host 10.10.2.232 host 192.168.2.3
access-list 101 permit ip host 10.10.50.226 host 192.168.2.3
access-list 101 permit ip host 192.168.2.1 host 10.10.2.225
access-list 101 permit ip host 192.168.2.3 host 10.10.2.225
access-list 101 permit ip host 192.168.3.5 host 10.10.2.225
access-list 101 permit ip host 10.10.2.225 host 192.168.2.1
access-list 101 permit ip host 10.10.2.225 host 192.168.2.3
access-list 101 permit ip host 10.10.2.225 host 192.168.3.5
access-list 101 permit ip host 10.10.55.8 host 192.168.2.1
access-list 101 permit ip host 10.10.55.8 host 192.168.2.3
access-list 101 permit ip host 10.10.55.8 host 192.168.3.5
access-list 101 permit ip host 192.168.2.1 host 10.10.55.8
access-list 101 permit ip host 192.168.2.3 host 10.10.55.8
access-list 101 permit ip host 192.168.3.5 host 10.10.55.8
access-list 101 permit ip host 10.10.54.143 host 192.168.2.1
access-list 101 permit ip host 10.10.54.143 host 192.168.2.3
access-list 101 permit ip host 10.10.54.143 host 192.168.3.5
access-list 101 permit ip host 192.168.2.1 host 10.10.54.143
access-list 101 permit ip host 192.168.2.3 host 10.10.54.143
access-list 101 permit ip host 192.168.3.5 host 10.10.54.143
access-list 101 permit ip host 10.10.253.132 any
access-list 101 permit ip host 10.10.253.129 any
access-list 101 permit ip any host 10.10.253.132
access-list 101 permit ip any host 10.10.253.129
access-list 101 permit ip host 10.10.2.254 any
access-list 101 permit ip any host 10.10.2.254
access-list 101 permit tcp any any
access-list 101 permit icmp any any
access-list 101 deny ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 10.10.54.100 255.255.255.0
ip address inside 192.168.10.2 255.255.255.252
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 2 10.10.54.101
global (outside) 3 10.10.54.102
nat (inside) 3 192.168.2.1 255.255.255.255 0 0
nat (inside) 1 192.168.2.3 255.255.255.255 0 0
nat (inside) 2 192.168.3.5 255.255.255.255 0 0
static (inside,outside) 10.10.54.101 192.168.3.5 netmask 255.255.255.255 0 0
static (inside,outside) 10.10.54.100 192.168.2.3 netmask 255.255.255.255 0 0
static (inside,outside) 10.10.54.102 192.168.2.1 netmask 255.255.255.255 0 0
access-group 101 in interface outside
access-group 101 in interface inside
route outside 0.0.0.0 0.0.0.0 10.10.54.126 1
route inside 192.168.2.0 255.255.255.0 192.168.10.1 1
route inside 192.168.3.0 255.255.255.0 192.168.10.1 1
route inside 192.168.9.201 255.255.255.255 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.3.118 255.255.255.255 inside
telnet 192.168.9.201 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:d644a450a41a8d8a22ce9619d3083ea3
: end
10.10.2.232 can connect normally, and when it pings 10.10.54.100 the inside address is translated correctly. But the IP 10.10.2.225 cannot connect, and when it pings 10.10.54.100 no address translation takes place. Why is this?