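Two ports of the PIX are actually in use.
The end goal: let the internal network's addresses go out directly without NAT; both the inside and the outside of the PIX use CERNET addresses.
In configuration 1, which does not use NAT, internal nodes cannot get out through the PIX.
In configuration 2, which uses NAT, internal nodes can get out through the PIX.
Apart from NAT, the two configurations are identical.
Please help check this and see how to make it work without NAT. Thanks!
Configuration 1: NAT not used; internal nodes cannot get out through the PIX.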
: Saved
PIX Version 6.1(2)
nameif gb-ethernet0 outside security0
nameif gb-ethernet1 inside security100
nameif ethernet0 intf2 security10
nameif ethernet1 intf3 security15
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface gb-ethernet0 1000auto
interface gb-ethernet1 1000auto
interface ethernet0 auto shutdown
interface ethernet1 auto shutdown
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
ip address outside 202.*.212.2 255.255.255.0
ip address inside 202.*.8.2 255.255.255.0
ip address intf2 127.0.0.1 255.255.255.255
ip address intf3 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address intf2 0.0.0.0
failover ip address intf3 0.0.0.0
pdm history enable
arp timeout 14400
nat (inside) 0 202.*.8.0 255.255.255.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 202.*.212.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:d758aba407c7fb58d24b03da4b6970b4
Configuration 2: NAT used; internal nodes can get out.
: Saved
PIX Version 6.1(2)
nameif gb-ethernet0 outside security0
nameif gb-ethernet1 inside security100
nameif ethernet0 intf2 security10
nameif ethernet1 intf3 security15
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface gb-ethernet0 1000auto
interface gb-ethernet1 1000auto
interface ethernet0 auto shutdown
interface ethernet1 auto shutdown
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
ip address outside 202.*.212.2 255.255.255.0
ip address inside 202.*.8.2 255.255.255.0
ip address intf2 127.0.0.1 255.255.255.255
ip address intf3 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00