思科防火墙设置
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
增加一台服务器具体要求。新增一台服务器地址:10.165.127.15/255.255.255.128。需要nat 转换成公网地址16.152.91.223 映射出去,并对外开通这台服务器的80端口。
在对外pix525上面增加如下:access-list acl_out permit tcp any host 16.52.91.223 eq www //开放外网对新服务器80端口
static (inside,outside) 16.152.91.223 10.165.127.15 netmask 255.255.255.255 0 0 ////外高桥新服务器地址转换16.152.91.223
可是为什么转换后,不能访问16.52.91.223的网页,但确可以ping通16.52.91.223,但是访问10.165.127.15的主页是正常的??
具体配置如下:
pix-525> enable
Password: *****
pix-525# sh run
: Saved
:
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password FVHQD7n.FuCW78fS level 7 encrypted
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname wgqpix-525
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list acl_out permit tcp any host 16.152.91.221 eq www
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host 16.152.91.220 eq https
access-list acl_out permit tcp any host 16.152.91.223 eq www
access-list outbound permit icmp any any
access-list outbound permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 16.152.91.222 255.255.255.128
ip address inside 10.165.127.254 255.255.255.252
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no pdm history enable
arp timeout 14400
static (inside,outside) 16.152.91.221 10.165.127.11 netmask 255.255.255.255 0 0 static (inside,outside) 16.152.91.220 10.165.127.23 netmask 255.255.255.255 0 0 static (inside,outside) 16.152.91.223 10.165.127.15 netmask 255.255.255.255 0 0 access-group acl_out in interface outside
access-group outbound in interface inside
route outside 0.0.0.0 0.0.0.0 16.152.91.129 1
route inside 10.165.0.0 255.255.0.0 10.165.127.253 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 10.165.6.225 255.255.255.255 inside
telnet 10.165.127.12 255.255.255.255 inside
telnet 10.165.127.250 255.255.255.255 inside