攻城狮论坛

Author: songqiang

[Security] [Discussion] Basic PIX configuration: why can't I log in to 联众? Has anyone else run into this?

As the title says!
The PIX only has a basic configuration, yet I can't log in to 联众. It's strange; nothing is being restricted.

shmilytan [Lv4 Emerging Talent] posted on 2013-3-26 22:27:17
It looks like a fixup problem. Check which port 联众 uses, then look at the fixup entries in the configuration.

次子 [Lv4 Emerging Talent] posted on 2013-3-27 01:02:52
Could be. I'll give it a try. :(

ewanyang [Lv5 Steadily Growing] posted on 2013-3-27 04:01:13
no fixup protocol skinny 2000

Asan [Lv4 Emerging Talent] posted on 2013-3-27 04:10:58
Can't log in to 联众? Then how are you going to play 炸40? Post your configuration and I'll take a look for you!

lihailin3344 [Lv4 Emerging Talent] posted on 2013-3-27 07:03:17
......

swqing [Lv4 Emerging Talent] posted on 2013-3-27 07:44:36
Quote (originally posted by karenzkk): no fixup protocol skinny 2000
That's the one.

dhsky [Lv4 Emerging Talent] posted on 2013-3-27 09:15:50
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 0e53SZdxezxawxDG encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 102 permit tcp any host 222.191.123.6 eq www
access-list 102 permit tcp any host 222.191.123.6 eq smtp
access-list 102 permit tcp any host 222.191.123.6 eq pop3
access-list 102 permit tcp any host 222.191.123.6 eq 56789
access-list 102 permit icmp any any
access-list 80 permit ip 192.168.11.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list 80 permit ip 192.168.12.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list 80 permit ip 192.168.13.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list 80 permit ip 192.168.14.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list 80 permit ip 192.168.15.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list 80 permit ip 192.168.16.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list 80 permit ip 192.168.13.0 255.255.255.0 192.168.200.0 255.255.248.0
access-list 80 permit ip 192.168.14.0 255.255.255.0 192.168.200.0 255.255.248.0
access-list 80 permit ip 192.168.12.0 255.255.255.0 192.168.200.0 255.255.248.0
access-list 120 permit ip 192.168.13.0 255.255.255.0 192.168.200.0 255.255.248.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 222.191.123.6 255.255.255.252
ip address inside 192.168.11.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool dialer 192.168.11.200-192.168.11.220
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm location 192.168.12.0 255.255.255.0 inside
pdm location 192.168.13.0 255.255.255.0 inside
pdm location 192.168.14.0 255.255.255.0 inside
pdm location 192.168.15.0 255.255.255.0 inside
pdm location 192.168.16.0 255.255.255.0 inside
pdm location 192.168.18.0 255.255.255.0 outside
pdm location 192.168.11.0 255.255.255.0 inside
pdm location 192.168.18.0 255.255.255.0 inside
pdm location 192.168.12.3 255.255.255.255 inside
pdm location 0.0.0.0 255.0.0.0 inside
pdm location 192.168.11.0 255.255.255.0 outside
pdm location 192.168.12.4 255.255.255.255 inside
pdm location 192.168.200.0 255.255.248.0 outside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 80
nat (inside) 1 192.168.11.0 255.255.255.0 0 0
nat (inside) 1 192.168.12.0 255.255.255.0 0 0
static (inside,outside) tcp interface ftp 192.168.12.3 ftp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.12.3 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.12.3 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pop3 192.168.12.3 pop3 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 56789 192.168.12.3 615 netmask 255.255.255.255 0 0
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 222.191.234.5 1
route inside 192.168.12.0 255.255.255.0 192.168.11.1 1
route inside 192.168.13.0 255.255.255.0 192.168.11.1 1
route inside 192.168.14.0 255.255.255.0 192.168.11.1 1
route inside 192.168.15.0 255.255.255.0 192.168.11.1 1
route inside 192.168.16.0 255.255.255.0 192.168.11.1 1
route inside 192.168.18.0 255.255.255.0 192.168.11.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set aaades esp-des esp-md5-hmac
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynomap 10 set transform-set aaades
crypto map vpnpeer 20 ipsec-isakmp dynamic dynomap
crypto map vpnpeer 40 ipsec-isakmp
crypto map vpnpeer 40 match address 120
crypto map vpnpeer 40 set peer 222.191.232.34
crypto map vpnpeer 40 set transform-set myset
crypto map vpnpeer client configuration address initiate
crypto map vpnpeer client configuration address respond
crypto map vpnpeer client authentication LOCAL
crypto map vpnpeer interface outside
isakmp enable outside
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp key ******** address 222.191.232.34 netmask 255.255.255.255
isakmp client configuration address-pool local dialer outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup weifu103user address-pool dialer
vpngroup weifu103user idle-time 1800
vpngroup weifu103user password ********
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
username weifu103 password 0KczsG6c9C2DHNWX encrypted privilege 2
username weifu password ObN5By5VruQxn1Fr encrypted privilege 2
username vpnuser password tAtXXvCxpjX0dUEC encrypted privilege 2
terminal width 80
Cryptochecksum:9c994cccc5b7fcc843383017fd2e4c69
: end
pixfirewall(config)# quit
pixfirewall# quit

Logoff

失去了跟主机的连接。

渺峰绝剑 [Lv4 Emerging Talent] posted on 2013-3-27 11:00:59
What does no fixup protocol skinny 2000 mean?

chinahope [Lv5 Steadily Growing] posted on 2013-3-27 11:12:40
联众 uses port 2000, and the PIX uses 2000 for another protocol (skinny). Just "no" it and you're done. It's that simple.
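
The port check discussed in this thread, as an added example that is not part of the original posts: a small Python script that reads the fixup protocol lines of a PIX 6.x configuration and reports which inspection engines are bound to a given port, such as the port 2000 that skinny holds here. The function names are hypothetical, the sample lines are copied from the configuration posted above, and matching is by port number only (TCP and UDP are not distinguished).

```python
import re

# Constructed sample: fixup lines copied from the configuration posted above.
SAMPLE_CONFIG = """\
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 ras 1718-1719
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
"""

_FIXUP = re.compile(r"^(no\s+)?fixup\s+protocol\s+(.+)$")
_PORTS = re.compile(r"^(\d+)(?:-(\d+))?$")


def parse_fixups(config_text):
    """Return {inspector: [(low, high), ...]} for fixups left enabled.

    Lines apply in order: a later "no fixup protocol X P" cancels X on P.
    """
    enabled = {}
    for raw in config_text.splitlines():
        m = _FIXUP.match(raw.strip())
        if not m:
            continue
        words = m.group(2).split()
        ports = _PORTS.match(words[-1])
        if len(words) < 2 or not ports or "maximum-length" in words:
            continue  # e.g. "dns maximum-length 512": 512 is a size, not a port
        name = " ".join(words[:-1])
        span = (int(ports.group(1)), int(ports.group(2) or ports.group(1)))
        if m.group(1):  # "no fixup protocol ..." removes that binding
            if span in enabled.get(name, []):
                enabled[name].remove(span)
        else:
            enabled.setdefault(name, []).append(span)
    return {name: spans for name, spans in enabled.items() if spans}


def inspectors_for_port(config_text, port):
    """Names of enabled fixups whose port or port range covers `port`."""
    return sorted(n for n, spans in parse_fixups(config_text).items()
                  if any(lo <= port <= hi for lo, hi in spans))


if __name__ == "__main__":
    print(inspectors_for_port(SAMPLE_CONFIG, 2000))
    print(inspectors_for_port(SAMPLE_CONFIG + "no fixup protocol skinny 2000\n", 2000))
```

Any application port that returns a non-empty list is being handled by an inspection engine written for a different protocol, which is the situation the replies above describe for port 2000.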