PIX Basic Configuration

Wangchao other · Author: Anonymous  2008-05-19

PIX Version 5.2(6)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password .B42LT8EU0hqken6 encrypted

passwd .B42LT8EU0hqken6 encrypted

hostname pixfirewall

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

names

pager lines 24

logging on

no logging timestamp

no logging standby

no logging console

no logging monitor

no logging buffered

no logging trap

no logging history

logging facility 20

logging queue 512

interface ethernet0 10baset

interface ethernet1 10baset

mtu outside 1500

mtu inside 1500

ip address outside 202.103.49.77 255.255.255.240

ip address inside 192.168.0.254 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

arp timeout 14400

global (outside) 1 202.103.x.x-202.103.x.x netmask 255.255.255.240

global (outside) 1 202.103.x.x

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

alias (inside) 192.168.0.8 202.103.x.x 255.255.255.255

alias (inside) 192.168.0.3 202.103.x.x 255.255.255.255

alias (inside) 192.168.0.9 202.103.x.x 255.255.255.255

alias (inside) 192.168.0.2 202.103.x.x 255.255.255.255

static (inside,outside) 202.103.x.x 192.168.0.8 netmask 255.255.255.255 0 0

static (inside,outside) 202.103.49.68 192.168.0.2 netmask 255.255.255.255 0 0

static (inside,outside) 202.103.49.67 192.168.0.3 netmask 255.255.255.255 0 0

static (inside,outside) 202.103.49.66 192.168.0.5 netmask 255.255.255.255 0 0

static (inside,outside) 202.103.49.65 192.168.0.6 netmask 255.255.255.255 0 0

static (inside,outside) 202.103.49.69 192.168.0.9 netmask 255.255.255.255 0 0

conduit permit icmp any any

conduit permit tcp host 202.103.x.x eq ftp any

conduit permit tcp host 202.103.x.x eq telnet any

conduit permit tcp host 202.103.x.x eq www any

conduit permit tcp host 202.103.x.x eq ftp any

conduit permit tcp host 202.103.x.x eq telnet any

conduit permit tcp host 202.103.x.x any

conduit permit tcp host 202.103.x.x eq domain any

conduit permit tcp host 202.103.x.x eq 81 any

conduit permit tcp host 202.103.x.x eq nntp any

conduit permit tcp host 202.103.x.x eq pop3 any

conduit permit tcp host 202.103.x.x eq smtp any

conduit permit tcp host 202.103.x.x eq domain any

conduit permit tcp host 202.103.x.x any

route outside 0.0.0.0 0.0.0.0 202.103.x.x 1

route inside 192.168.0.0 255.255.0.0 192.168.0.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

isakmp identity hostname

telnet 192.168.0.100 255.255.255.255 inside

telnet timeout 5

ssh timeout 5

terminal width 80

Cryptochecksum:fdf26b6b1b76274e18eaf2dd9a1a9299

 
 
 