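CGL007 posted on 2009-6-2 22:14:32

pix 7.2 firewall NAT

Today the Topsec (天融信) firewall at the Huaneng Economic Research Institute broke. NAT was done on that firewall, so the company network could not get online. I remembered that our company still has a pix515 firewall, so I put it in as a stand-in for now. That firewall was upgraded to version 7.2 by a colleague the other day, so the configuration is a little different. I am posting the configuration I used at the time: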
en
conf t
hostname hn123
enable password hn123
int e0
ip address 124.217.152.2 255.255.255.240
nameif outside sec0
no shutdown
exit
int e1
ip address 10.90.250.1 255.255.255.0
nameif inside sec100
no shutdown
exit
nat (inside) 1 10.90.250.0 255.255.255.0
global (outside) 1 interface
! can also be written as: global (outside) 1 124.217.152.2-124.217.152.13
route outside 172.30.30.0 255.255.255.252 124.217.152.1 1
route outside 0.0.0.0 0.0.0.0 124.217.152.1 1
route inside 172.30.30.0 255.255.255.252 124.217.152.1 1
route inside 0.0.0.0 0.0.0.0 124.217.152.1 1
exit
write memory
show run
PIX Version 7.2(1)
!
hostname hn123
enable password bwxJOW/ZuQcMRIuX encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 124.217.152.2 255.255.255.240
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.90.250.1 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
passwd bwxJOW/ZuQcMRIuX encrypted
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 10.90.250.0 255.255.255.0
route outside 172.30.30.0 255.255.255.252 124.217.152.1 1
route outside 0.0.0.0 0.0.0.0 124.217.152.1 1
route inside 172.30.30.0 255.255.255.252 124.217.152.1 1
route inside 0.0.0.0 0.0.0.0 124.217.152.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d10d7976da955b0e1613e67a120ecb5e
: end
It will fill in for a few days; let them hurry up and find the money to buy a new one! Hehe~~~
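
An added example, not part of the original post: a small Python check that parses the interface, `nat`/`global` and `route` lines of a PIX 7.x running-config and reports NAT ids without a matching global pool and static routes whose next hop lies outside the subnet of the interface they name. The embedded config is a constructed excerpt of the `show run` output above; the function and variable names are assumptions of this example.

```python
import ipaddress

# Constructed sample: interface, NAT and route lines excerpted from the running-config above.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 ip address 124.217.152.2 255.255.255.240
!
interface Ethernet1
 nameif inside
 ip address 10.90.250.1 255.255.255.0
!
global (outside) 1 interface
nat (inside) 1 10.90.250.0 255.255.255.0
route outside 172.30.30.0 255.255.255.252 124.217.152.1 1
route outside 0.0.0.0 0.0.0.0 124.217.152.1 1
route inside 172.30.30.0 255.255.255.252 124.217.152.1 1
route inside 0.0.0.0 0.0.0.0 124.217.152.1 1
"""

def audit(config):
    """Return a list of findings for a PIX 7.x style running-config."""
    nets, nat_ids, global_ids, routes, findings = {}, set(), set(), [], []
    name = None
    for line in config.splitlines():
        tok = line.split() or ["!"]          # blank lines behave like '!' separators
        if tok[0] == "interface":
            name = None                      # new interface block, nameif not seen yet
        elif tok[0] == "nameif":
            name = tok[1]
        elif tok[:2] == ["ip", "address"] and name:
            nets[name] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
        elif tok[0] in ("nat", "global") and len(tok) > 2:
            (nat_ids if tok[0] == "nat" else global_ids).add(tok[2])
        elif tok[0] == "route" and len(tok) >= 5:
            routes.append((tok[1], f"{tok[2]} {tok[3]}", ipaddress.ip_address(tok[4])))
    for nid in sorted(nat_ids - global_ids - {"0"}):   # nat 0 is identity NAT, no pool needed
        findings.append(f"nat id {nid} has no matching global pool")
    for ifname, dest, gw in routes:
        if ifname not in nets:
            findings.append(f"route {dest}: unknown interface {ifname}")
        elif gw not in nets[ifname]:
            findings.append(f"route {ifname} {dest}: next hop {gw} is not in {nets[ifname]}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
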