CiscoPIX两界面多服务配置

结构图如下:

PIX 520

Two Interface Multiple Server Configuration

nameif ethernet0 outside security0

nameif ethernet0 inside security100

interface ethernet0 auto

interface ethernet1 auto

ip address inside 10.1.1.1 255.0.0.0

ip address outside 204.31.17.10 255.255.255.0

logging on

logging host 10.1.1.11

logging trap 7

logging facility 20

no logging console

arp timeout 600

nat (inside) 1 10.0.0.0 255.0.0.0

nat (inside) 2 192.168.3.0 255.255.255.0

global (outside) 1 204.31.1.25-204.31.17.27

global (outside) 1 204.31.1.24

global (outside) 2 192.159.1.1-192.159.1.254

conduit permit icmp any any

outbound 10 deny 192.168.3.3 255.255.255.255 1720

outbound 10 deny 0 0 80

outbound 10 permit 192.168.3.3 255.255.255.255 80

outbound 10 deny 192.168.3.3 255.255.255.255 java

outbound 10 permit 10.1.1.11 255.255.255.255 80

apply (inside) 10 outgoing_src

no rip outside passive

no rip outside default

rip inside passive

rip inside default

route outside 0 0 204.31.17.1.1

tacacs-server host 10.1.1.12 lq2w3e

aaa authentication any inside 192.168.3.0 255.255.255.0 0 0 tacacs+

aaa authentication any inside 192.168.3.0 255.255.255.0 0 0

static (inside,outside) 204.31.19.0 192.168.3.0 netmask 255.255.255.0

conduit permit tcp 204.31.19.0 255.255.255.0 eg h323 any

static (inside,outside) 204.31.17.29 10.1.1.11

conduit permit tcp host 204.31.17.29 eq 80 any

conduit permit udp host 204.31.17.29 eq rpc host 204.31.17.17

conduit permit udp host 204.31.17.29 eq 2049 host 204.31.17.17

static (inside.outside) 204.31.1.30 10.1.1.3 netmask 255.255.255.255 10 10

conduit permit tcp host 204.31.1.30 eq smtp any

conduit permit tcp host 204.31.1.30 eq 113 any

snmp-server host 192.168.3.2

snmp-server location building 42

snmp-server contact polly hedra

snmp-server community ohwhatakeyisthee

telnet 10.1.1.11 255.255.255.255

telnet 192.168.3.0 255.255.255.0