PIX防火墻配置實(shí)例_第1頁(yè)
PIX防火墻配置實(shí)例_第2頁(yè)
PIX防火墻配置實(shí)例_第3頁(yè)
PIX防火墻配置實(shí)例_第4頁(yè)
PIX防火墻配置實(shí)例_第5頁(yè)
已閱讀5頁(yè),還剩4頁(yè)未讀, 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說(shuō)明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

1、如下圖所示:這是一家小型公司,為了公司不被攻擊,則買了一臺(tái)放火墻。(PIX802.bin) 要求:1、 內(nèi)網(wǎng)通信無(wú)阻。2、 在放火墻處做NAT轉(zhuǎn)換。4、 在做一些安全上的配置,此配置不列出,參考cisco 安全技術(shù)(教科書(shū))第八章內(nèi)容。5、 保存配置。R1(config)#do show runBuilding configuration.Current configuration : 975 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno servic

2、e password-encryption!hostname R1!boot-start-markerboot-end-marker!no aaa new-modelmemory-size iomem 5ip cefR1(config)#R1(config)#R1(config)#R1(config)#do show runR1(config)#do show runBuilding configuration.Current configuration : 975 bytes !version 12.4service timestamps debug datetime msec servic

3、e timestamps log datetime msec no service password-encryption !hostname R1!boot-start-markerboot-end-marker!no aaa new-modelmemory-size iomem 5!ip cefinterface Loopback0interface Loopback1interface Loopback2interface FastEthernet0/0speed auto!interface FastEthernet1/0no ip addressshutdownduplex auto

4、speed auto!router ospf 100log-adjacency-changesip http serverno ip http secure-servercontrol-planeline con 0exec-timeout 0 0logging synchronousline aux 0line vty 0 4!EndR2(config)#do show run Building configuration.Current configuration : 717 bytes !version 12.4service timestamps debug datetime msec

5、 service timestamps log datetime msec no service password-encryption !hostname R2!boot-start-markerboot-end-marker!no aaa new-modelmemory-size iomem 5!ip cefinterface FastEthernet0/0speed auto!interface FastEthernet1/0speed auto!router ospf 100log-adjacency-changesip http serverno ip http secure-ser

6、vercontrol-planeline con 0line aux 0line vty 0 4!EndFILL(config)# show run : Saved:PIX Version 8.0(2)!hostname FILLenable password 8Ry2YjIyt7RRXU24 encrypted names!interface Ethernet0nameif insidsecurity-level 100interface Ethernet1nameif outsidesecurity-level 0passwd 2KFQnbNIdI.2KYOU encrypted ftp

7、mode passiveaccess-list 100 extended permit ip any any pager lines 24mtu outside 1500mtu insid 1500icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfaceaccess-group 100 in interface outside!router ospf 100log-adj-changesdefault-information orig

8、inate!timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolutedynamic-access-poli

9、cy-record DfltAccessPolicyno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstart no crypto isakmp nat-traversaltelnet timeout 5ssh timeout 5console timeout 0threat-detection basic-threatthreat-detection statistics access-list!prompt hostna

10、me contextCryptochecksum:00000000000000000000000000000000DX(config)#do show runBuilding configuration.Current configuration : 670 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption !hostname DX!boot-start-markerboot-end-marker!n

11、o aaa new-modelmemory-size iomem 5!ip cef!interface Loopback0interface FastEthernet0/0no ip addressshutdownduplex autospeed auto!interface FastEthernet1/0speed auto!ip http serverno ip http secure-server!control-plane!Line con 0exec-timeout 0 0logging synchronousline aux 0line vty 0 4!EndR1(config)#

12、do show ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS le

13、vel-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeR2(config)#do show ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 -

14、OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static routeFILL(config)# show routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS

溫馨提示

  • 1. 本站所有資源如無(wú)特殊說(shuō)明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒(méi)有圖紙預(yù)覽就沒(méi)有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論