PIX 7.2 firewall NAT

Posted on 2009-6-2 22:14:32

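Today the Topsec firewall at the Huaneng Economic Research Institute broke down. NAT was done on that firewall, so the company network could not get online. I remembered that our company still had a PIX 515 firewall, so we put it in as a stopgap. A colleague had upgraded that firewall to version 7.2 the other day, so the configuration is a little different. I am posting the configuration I used at the time: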
en
conf t
hostname hn123
enable password hn123
int e0
ip address 124.217.152.2 255.255.255.240
nameif outside
security-level 0
no shutdown
exit
int e1
ip address 10.90.250.1 255.255.255.0
nameif inside
security-level 100
no shutdown
exit
nat (inside) 1 10.90.250.0 255.255.255.0
global (outside) 1 interface
! can also be written as: global (outside) 1 124.217.152.2-124.217.152.13
route outside 172.30.30.0 255.255.255.252 124.217.152.1 1
route outside 0.0.0.0 0.0.0.0 124.217.152.1 1
route inside 172.30.30.0 255.255.255.252 124.217.152.1 1
route inside 0.0.0.0 0.0.0.0 124.217.152.1 1
exit
write memory
show run
PIX Version 7.2(1)
!
hostname hn123
enable password bwxJOW/ZuQcMRIuX encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 124.217.152.2 255.255.255.240
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.90.250.1 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
passwd bwxJOW/ZuQcMRIuX encrypted
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 10.90.250.0 255.255.255.0
route outside 172.30.30.0 255.255.255.252 124.217.152.1 1
route outside 0.0.0.0 0.0.0.0 124.217.152.1 1
route inside 172.30.30.0 255.255.255.252 124.217.152.1 1
route inside 0.0.0.0 0.0.0.0 124.217.152.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:d10d7976da955b0e1613e67a120ecb5e
: end
This will hold things over for a few days; let them hurry up and find the money to buy a new one! Hehe~~~
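
An added example, not part of the original post: a Python check that parses the interface and route lines of a PIX 7.x running configuration and flags static routes whose next hop is not on the subnet of the interface they name, or whose destination is already routed through another interface. The function name `audit_routes` is hypothetical, and the sample input is excerpted from the `show run` output above.

```python
import ipaddress
import re

# Excerpt of the `show run` output posted above (interfaces and routes only).
SAMPLE = """\
interface Ethernet0
 nameif outside
 security-level 0
 ip address 124.217.152.2 255.255.255.240
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.90.250.1 255.255.255.0
!
route outside 172.30.30.0 255.255.255.252 124.217.152.1 1
route outside 0.0.0.0 0.0.0.0 124.217.152.1 1
route inside 172.30.30.0 255.255.255.252 124.217.152.1 1
route inside 0.0.0.0 0.0.0.0 124.217.152.1 1
"""

def audit_routes(config):
    """Return (route_line, reason) findings for the static routes in a config.
    Assumption: a route's next hop must lie on the named interface's subnet."""
    subnets, name, seen, findings = {}, None, {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            name = None                      # new interface block, nameif not seen yet
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m[1]
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and name:
            subnets[name] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.fullmatch(r"route (\S+) (\S+) (\S+) (\S+)(?: \d+)?", line):
            ifname, gw = m[1], ipaddress.ip_address(m[4])
            dest = ipaddress.ip_network(f"{m[2]}/{m[3]}")
            net = subnets.get(ifname)
            if net is None:
                findings.append((line, f"interface {ifname} has no address"))
            elif gw not in net:
                findings.append((line, f"next hop {gw} is not on {ifname} subnet {net}"))
            if dest in seen and seen[dest] != ifname:
                findings.append((line, f"{dest} is also routed via {seen[dest]}"))
            seen.setdefault(dest, ifname)    # remember the first interface per destination
    return findings

if __name__ == "__main__":
    for route, reason in audit_routes(SAMPLE):
        print(f"{route}\n    -> {reason}")
```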
  