xiguaqq20 posted on 2018-7-22 06:15:15

CISCO-PIX506E Detailed Configuration and Command Annotations (Part 6)

  access-list 100 permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
  pager lines 24
  mtu outside 1500
  mtu inside 1500
  ip address outside 192.168.1.220 255.255.255.0
  ip address inside 192.168.10.2 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  ip local pool dialer 192.168.10.150-192.168.10.200
  pdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list no-nat
  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
  static (inside,outside) tcp 192.168.1.220 www 192.168.10.24 www netmask 255.255.255.255 0 0
  access-group 100 in interface outside
  route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout sip-disconnect 0:02:00 sip-invite 0:03:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server TACACS+ max-failed-attempts 3
  aaa-server TACACS+ deadtime 10
  aaa-server RADIUS protocol radius
  aaa-server RADIUS max-failed-attempts 3
  aaa-server RADIUS deadtime 10
  aaa-server LOCAL protocol local
  http server enable
  http 192.168.1.0 255.255.255.0 outside
  http 192.168.10.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  no snmp-server enable traps
  floodguard enable
  sysopt connection permit-ipsec
  crypto ipsec transform-set aaades esp-des esp-md5-hmac
  crypto dynamic-map dynomap 10 set transform-set aaades
  crypto map ***peer 20 ipsec-isakmp dynamic dynomap
  crypto map ***peer client configuration address initiate
  crypto map ***peer client configuration address respond
  crypto map ***peer client authentication LOCAL
  crypto map ***peer interface outside
  isakmp enable outside
  isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
  isakmp client configuration address-pool local dialer outside
  isakmp policy 10 authentication pre-share
  isakmp policy 10 encryption des
  isakmp policy 10 hash md5
  isakmp policy 10 group 2
  isakmp policy 10 lifetime 86400
  ***group student0 address-pool dialer

  ***group student0>  ***group student0 password ********
  telnet 192.168.10.0 255.255.255.0 inside
  telnet timeout 5
  ssh 0.0.0.0 0.0.0.0 outside
  ssh timeout 5
  console timeout 0
  username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 2

  terminal>  Cryptochecksum:e9f237a2bab164d66cca0398c122b0dc
  : end