设备型号:cisco pix 515e
现状和需求:网络位于企业内部网中,且个设备已经统一分配ip地址。简单起见将防火墙设为网桥模式;外部设备只能访问网络内两台服务器,内部所有设都可以访问外部设备。
设置步骤:
1、硬件连接(略)
2、使用wondows自带超级终端,将连接配置设为默认,连接到防火墙。
3、设置防火墙模式为transparent
4、设置用户名和密码,赋予最高权限。
5、设置设备ip,注意,当前模式下Ethernet0和Ethernet1都不能设置ip地址。
6、打开防火墙web服务。设置允许通过web访问防火墙的ip地址。
7、使用具备访问防火墙web的机器,访问防火墙,运行ASDM。
8、使用刚设置用户名和密码登入防火墙
9、在规则界面中设置各种规则。
(完)
配置如下:
PIX Version 7.0(6)
!
firewall transparent
hostname pixfirewall
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
dns-guard
!
interface Ethernet0
nameif outside
security-level 0
!
interface Ethernet1
nameif inside
security-level 100
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list outside_access_in remark webserver
access-list outside_access_in extended permit ip any host 10.43.94.99
access-list outside_access_in remark dbserver
access-list outside_access_in extended permit ip any host 10.43.94.110
access-list outside_access_in extended permit ip any host 10.43.94.150
access-list outside_access_in extended deny ip any 10.43.94.0 255.255.255.0
access-list inside_access_in extended permit ip 10.43.94.0 255.255.255.0 any
access-list inside_access_in remark ping
access-list inside_access_in extended permit icmp 10.43.94.0 255.255.255.0 any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address 10.43.94.252 255.255.255.0
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 10.43.94.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
http server enable
http 10.43.94.0 255.255.255.0 inside
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:94d515d07ed094919f692f00408a288c
: end
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。