模板
教程
环境
性能
功能
管理
pix535实际配置
实际使用pix两个端口。 配置1中不使用NAT的,内部节点不能通过pix出去 配置2中使用NAT的,内部节点可以通过pix出去 两个配置除了NAT以外,都一样。 请大家帮助检查一下,看看不做nat时,怎样才能做通。谢谢! 配置1: 没有使用NAT,内部节点不能通过pix出去 : Saved PIX Version 6.1(2) nameif gb-ethernet0 outside security0 nameif gb-ethernet1 inside security100 nameif ethernet0 intf2 security10 nameif ethernet1 intf3 security15 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 names pager lines 24 interface gb-ethernet0 1000auto interface gb-ethernet1 1000auto interface ethernet0 auto shutdown interface ethernet1 auto shutdown mtu outside 1500 mtu inside 1500 mtu intf2 1500 mtu intf3 1500 ip address outside 202.*.212.2 255.255.255.0 ip address inside 202.*.8.2 255.255.255.0 ip address intf2 127.0.0.1 255.255.255.255 ip address intf3 127.0.0.1 255.255.255.255 ip audit info action alarm ip audit attack action alarm no failover failover timeout 0:00:00 failover poll 15 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 failover ip address intf2 0.0.0.0 failover ip address intf3 0.0.0.0 pdm history enable arp timeout 14400 nat (inside) 0 202.*.8.0 255.255.255.0 0 0 conduit permit icmp any any route outside 0.0.0.0 0.0.0.0 202.*.212.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable no sysopt route dnat telnet timeout 5 ssh timeout 5 terminal width 80 Cryptochecksum:d758aba407c7fb58d24b03da4b6970b4 配置2: 使用NAT,内部节点可出去。 : Saved PIX Version 6.1(2) nameif gb-ethernet0 outside security0 nameif gb-ethernet1 inside security100 nameif ethernet0 intf2 security10 nameif ethernet1 intf3 security15 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall fixup protocol ftp 21 fixup protocol http 80 fixup prot fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 names pager lines 24 interface gb-ethernet0 1000auto interface gb-ethernet1 1000auto interface ethernet0 auto shutdown interface ethernet1 auto shutdown mtu outside 1500 mtu inside 1500 mtu intf2 1500 mtu intf3 1500 ip address outside 202.*.212.2 255.255.255.0 ip address inside 202.*.8.2 255.255.255.0 ip address intf2 127.0.0.1 255.255.255.255 ip address intf3 127.0.0.1 255.255.255.255 ip audit info action alarm ip audit attack action alarm no failover failover timeout 0:00:00 failover poll 15 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 failover ip address intf2 0.0.0.0 failover ip address intf3 0.0.0.0 pdm history enable arp timeout 14400 global (outside) 1 202.*.212.3-202.*.212.50 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 conduit permit icmp any any route outside 0.0.0.0 0.0.0.0 202.*.212.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable no sysopt route dnat telnet timeout 5 ssh timeout 5 terminal width 80 Cryptochecksum:77595ed5d852b9a1dfaf10426af3f516 : end 1 2
最终目的是:不使用nat让内部网络的地址直接出去,pix内外均为cernet地址。
pix535实际配置
ocol h323 1720
