Basic PIX Configuration

Posted: 2007-06-23

   
  PIX Version 5.2(6)
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  enable password .B42LT8EU0hqken6 encrypted
  passwd .B42LT8EU0hqken6 encrypted
  hostname pixfirewall

  fixup protocol ftp 21
  fixup protocol http 80
  fixup protocol h323 1720
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol sip 5060
  names
  pager lines 24
  logging on
  no logging timestamp
  no logging standby
  no logging console
  no logging monitor
  no logging buffered
  no logging trap
  no logging history
  logging facility 20
  logging queue 512
  interface ethernet0 10baset
  interface ethernet1 10baset
  mtu outside 1500
  mtu inside 1500
  ip address outside 202.103.49.77 255.255.255.240
  ip address inside 192.168.0.254 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  arp timeout 14400
  global (outside) 1 202.103.x.x-202.103.x.x netmask 255.255.255.240
  global (outside) 1 202.103.x.x
  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
  alias (inside) 192.168.0.8 202.103.x.x 255.255.255.255
  alias (inside) 192.168.0.3 202.103.x.x 255.255.255.255
  alias (inside) 192.168.0.9 202.103.x.x 255.255.255.255
  alias (inside) 192.168.0.2 202.103.x.x 255.255.255.255
  static (inside,outside) 202.103.x.x 192.168.0.8 netmask 255.255.255.255 0 0
  static (inside,outside) 202.103.49.68 192.168.0.2 netmask 255.255.255.255 0 0
  static (inside,outside) 202.103.49.67 192.168.0.3 netmask 255.255.255.255 0 0
  static (inside,outside) 202.103.49.66 192.168.0.5 netmask 255.255.255.255 0 0
  static (inside,outside) 202.103.49.65 192.168.0.6 netmask 255.255.255.255 0 0
  static (inside,outside) 202.103.49.69 192.168.0.9 netmask 255.255.255.255 0 0
  conduit permit icmp any any
  conduit permit tcp host 202.103.x.x eq ftp any
  conduit permit tcp host 202.103.x.x eq telnet any
  conduit permit tcp host 202.103.x.x eq www any
  conduit permit tcp host 202.103.x.x eq ftp any
  conduit permit tcp host 202.103.x.x eq telnet any
  conduit permit tcp host 202.103.x.x any
  conduit permit tcp host 202.103.x.x eq domain any
  conduit permit tcp host 202.103.x.x eq 81 any
  conduit permit tcp host 202.103.x.x eq nntp any
  conduit permit tcp host 202.103.x.x eq pop3 any
  conduit permit tcp host 202.103.x.x eq smtp any
  conduit permit tcp host 202.103.x.x eq domain any
  conduit permit tcp host 202.103.x.x any
  route outside 0.0.0.0 0.0.0.0 202.103.x.x 1
  route inside 192.168.0.0 255.255.0.0 192.168.0.1 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server RADIUS protocol radius
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  no snmp-server enable traps
  floodguard enable
  no sysopt route dnat
  isakmp identity hostname
  telnet 192.168.0.100 255.255.255.255 inside
  telnet timeout 5
  ssh timeout 5
  terminal width 80
  Cryptochecksum:fdf26b6b1b76274e18eaf2dd9a1a9299

Original source: http://www.ltesting.net