Cisco PIX 525 Firewall Configuration Example
PIX Version 7.0(2)
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 192.168.192.4 255.255.254.0 standby 192.168.192.3
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.3.24 255.255.255.0 standby 192.168.3.23
!
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
ftp mode passive
access-list 101 extended permit tcp any host 192.168.192.20 eq www
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
monitor-interface inside
no asdm history enable
arp timeout 14400
global (outside) 1 192.168.192.21-192.168.192.150
global (outside) 2 192.168.192.151-192.168.192.254
nat (inside) 1 192.168.2.0 255.255.255.0
nat (inside) 2 192.168.3.0 255.255.255.0
static (inside,outside) 192.168.192.20 192.168.3.5 netmask 255.255.255.255
access-group 101 in interface outside
rip inside default version 1
rip outside default version 1
route inside 192.168.2.0 255.255.255.0 192.168.3.1 1
route inside 192.168.5.0 255.255.255.0 192.168.3.1 1
route outside 0.0.0.0 0.0.0.0 192.168.192.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
telnet timeout 5
ssh timeout 5
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect http
!
service-policy global_policy global
Cryptochecksum:96c351c413ba7a46ce89e28cc528ad5b
: end