
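The configuration of this firewall is as follows.
I have basically not done anything, only changed the IPs of the 2 ETH interfaces.
But I cannot ping out from the internal network, and the VPN cannot connect to the outside.
When connecting, it always gets stuck at verifying the username and password; after waiting one minute I get error 719, the remote server is not responding.
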
: Saved
: Written by enable_15 at 01:42:54.855 UTC Tue Jul 4 2006
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname zg
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 2000
fixup protocol sip 5060
fixup protocol sip udp 5060
no fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 222.223.71.88 255.255.255.0
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit udp any any
conduit deny udp any any
route outside 0.0.0.0 0.0.0.0 222.223.71.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:c70fb7e1bb5fcebc4f2f4e3765ce7d45