a2005147 posted on 2018-7-14 08:31:12

Configuring *** with CISCO PIX Firewall

  access-list dmz permit tcp any host 192.168.1.4 eq smtp
  access-list dmz permit tcp any host 192.168.1.5 eq www
  access-list dmz permit tcp any host 192.168.1.6 eq ftp
  access-list dmz permit tcp any host 192.168.1.8 eq 514
  !--- Traffic to HOU-PIX:
  access-list 120 permit ip 10.10.10.0 255.255.255.0 10.30.10.0 255.255.255.0
  !--- Traffic to MN-PIX:
  access-list 130 permit ip 10.10.10.0 255.255.255.0 10.20.10.0 255.255.255.0
  !--- Do not Network Address Translate (NAT) traffic to other PIXes:
  access-list *** permit ip 10.10.10.0 255.255.255.0 10.30.10.0 255.255.255.0
  access-list *** permit ip 10.10.10.0 255.255.255.0 10.20.10.0 255.255.255.0
  pager lines 24
  logging on
  no logging timestamp
  no logging standby
  no logging console
  no logging monitor
  no logging buffered
  logging trap
  no logging history
  logging facility 20
  logging queue 512
  interface ethernet0 100full
  interface ethernet1 100full
  interface ethernet2 100full
  mtu outside 1500
  mtu inside 1500
  ip address outside 192.168.1.2 255.255.255.0
  ip address inside 10.10.10.1 255.255.255.0
  ip address DMZ 172.16.31.1 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  no failover
  failover timeout 0:00:00
  failover poll 15
  failover ip address outside 0.0.0.0
  failover ip address inside 0.0.0.0
  arp timeout 14400
  global (outside) 1 192.168.1.12-192.168.1.250 netmask 255.255.255.0
  global (outside) 1 192.168.1.252 netmask 255.255.255.0
  nat (inside) 1 10.10.10.0 255.255.255.0
  !--- Do not NAT traffic to other PIXes:
  nat (inside) 0 access-list ***
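
An added example, not part of the original post: a Python check that every flow in the site-to-site access-lists is also covered by the access-list referenced from `nat (inside) 0`, since a tunnel flow missing from the exemption would be translated by `nat (inside) 1` instead. Treating access-lists 120 and 130 as the tunnel traffic selectors is an assumption (the excerpt does not show where they are applied), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configuration above.
# "***" is the access-list name exactly as it appears in the post.
SAMPLE_CONFIG = """\
access-list 120 permit ip 10.10.10.0 255.255.255.0 10.30.10.0 255.255.255.0
access-list 130 permit ip 10.10.10.0 255.255.255.0 10.20.10.0 255.255.255.0
access-list *** permit ip 10.10.10.0 255.255.255.0 10.30.10.0 255.255.255.0
access-list *** permit ip 10.10.10.0 255.255.255.0 10.20.10.0 255.255.255.0
nat (inside) 0 access-list ***
"""

# Only "permit ip <net> <mask> <net> <mask>" entries are parsed; other forms
# (for example "any host x.x.x.x eq smtp") are skipped.
ACL_RE = re.compile(
    r"^\s*access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
NAT0_RE = re.compile(r"^\s*nat\s+\(\S+\)\s+0\s+access-list\s+(\S+)\s*$")


def parse(config):
    """Return ({acl_name: [(src_net, dst_net), ...]}, [nat 0 acl names])."""
    acls, nat0 = {}, []
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            pair = (ipaddress.ip_network(f"{src}/{smask}", strict=False),
                    ipaddress.ip_network(f"{dst}/{dmask}", strict=False))
            acls.setdefault(name, []).append(pair)
            continue
        m = NAT0_RE.match(line)
        if m:
            nat0.append(m.group(1))
    return acls, nat0


def uncovered_tunnel_flows(config, tunnel_acls):
    """List (acl, src, dst) tunnel entries that no NAT-exemption entry covers."""
    acls, nat0 = parse(config)
    exempt = [pair for name in nat0 for pair in acls.get(name, [])]
    missing = []
    for name in tunnel_acls:
        for src, dst in acls.get(name, []):
            if not any(src.subnet_of(es) and dst.subnet_of(ed) for es, ed in exempt):
                missing.append((name, str(src), str(dst)))
    return missing


if __name__ == "__main__":
    print(uncovered_tunnel_flows(SAMPLE_CONFIG, ["120", "130"]) or "all tunnel flows are NAT-exempt")
```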