[精文推荐] Linux快速入门之命令及课件下载 [精文推荐] LinuxTone命令一句话汇总 [精文推荐] SMTP,POP3命令简介

[精文推荐] 负载均衡完美解决方案---利用LVS+Keepalived 实现高性能高可用负载均衡服务器

欢迎到IT运维专家网提问交流,我们将第一时刻为你解答！同时也希望站内朋友多多分享自己的心得，加强社区互动建设！建立最好的讨论平台！技术源于积累，源于分享！感谢你能分享！

LinuxTone 官方学习交流MSN群: mgroup49073@hotmail.com (欢迎linuxtone站内的朋友加入拒绝闲聊![需要正确回答问题才能加入该群：你是从那个网站得知本群号的？答案：linuxtone ])

返回列表回复发帖

LT技术团队

Rank: 7 Rank: 7 Rank: 7

UID: 3
帖子: 18
精华: 1
积分: 34
威望: 10
金钱: 0
贡献: 2
阅读权限: 100
在线时间: 20 小时
注册时间: 2008-5-25
最后登录: 2008-11-25

1^#

打印

字体大小: tT

9dshh发表于 2008-5-25 19:49 | 只看该作者

PIX Version 7.1(2) 版本与以前版本配置的一点区别

这个只为本人用到的，还有没有用到的，还请大家补充

配置方法：
进入接口模式
pixfirewall(config)# interface ethernet 0
激活接口
pixfirewall(config-if)# no shutdown
配置接口名称
pixfirewall(config-if)# nameif outside
配置接口IP
pixfirewall(config-if)# ip address 172.16.0.1 255.255.255.0

配置外网路由
pixfirewall(config)# route outside 0 0 192.168.13.1

简单配置如下
pixfirewall(config)# show run
: Saved
:
PIX Version 7.1(2)
!
hostname pixfirewall
enable password 8Ry2YjIytkAXU24 encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 192.168.10.119 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
passwd FhcseiJbU3Y3p1xG encrypted
ftp mode passive
access-list 101 extended permit ip any any
access-list 101 extended permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 192.168.10.251 192.168.0.67 netmask 255.255.255.255
static (inside,outside) 192.168.10.252 192.168.0.68 netmask 255.255.255.255
static (inside,outside) 192.168.10.253 192.168.0.38 netmask 255.255.255.255
static (inside,outside) 192.168.10.248 192.168.0.48 netmask 255.255.255.255
static (inside,outside) 192.168.10.254 192.168.0.50 netmask 255.255.255.255
static (inside,outside) 192.168.10.116 192.168.0.66 netmask 255.255.255.255
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:e4ccaa1a2f4b438922c47ba39fb928b2
: end

[ 本帖最后由 9dshh 于 2008-6-15 16:50 编辑 ]

收藏分享评分

回复引用

订阅 TOP