Author: 大萝卜
Authentication proxy on PIX 6.33
PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX5
domain-name tcy.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 100 permit icmp any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 10.1.5.1 255.255.255.0
ip address inside 172.29.6.5 255.255.255.0
no ip address intf2
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address intf2
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 172.29.6.0 255.255.255.0 0 0
access-group 100 in interface outside
route inside 172.29.0.0 255.255.0.0 172.29.6.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server aasrv protocol radius
aaa-server aasrv (inside) host 172.29.1.211 cisco timeout 2
aaa authentication include telnet inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 aasrv
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
=============================================
PIX5(config)# sh access-l
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 1024)
            alert-interval 300
access-list 100; 1 elements
access-list 100 line 1 permit icmp any any (hitcnt=20)
access-list #ACSACL#-IP-testacl-43f286a7; 2 elements
access-list #ACSACL#-IP-testacl-43f286a7 line 1 permit icmp 172.29.6.0 255.255.255.0 10.1.5.0 255.255.255.0 (hitcnt=5)
access-list #ACSACL#-IP-testacl-43f286a7 line 2 permit tcp any any (hitcnt=1)
===========================================
PIX5(config)# sh uauth
                        Current    Most Seen
Authenticated Users       1          1
Authen In Progress        0          1
user 'test' at 172.29.6.1, authenticated
   access-list #ACSACL#-IP-testacl-43f286a7
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
============================================
PIX5(config)# sh uauth
                        Current    Most Seen
Authenticated Users       0          1
Authen In Progress        0          1
PIX5(config)# sh timeout
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
PIX5(config)#
79: Received response: , session id 1460055867
80: Making authentication request for host 172.29.1.211, user , session id: 1460055867
81: Processing challenge for user , session id: 1460055867, challenge: Username:
83: sending challenge to user: , challenge: Username: , session id: 1460055867
82: Processing challenge for user , session id: 1460055867, challenge: Username:
77: uap allocated. remote address: 10.1.5.2, Session_id: 1460055867
78: Built proxy between 10.1.5.2/1035 and 10.1.5.2/11011. session id: 1460055867
84: Received response: test, session id 1460055867
85: Making authentication request for host 172.29.1.211, user test, session id: 1460055867
86: Processing challenge for user test, session id: 1460055867, challenge: Password:
88: sending challenge to user: test, challenge: Password: , session id: 1460055867
87: Processing challenge for user test, session id: 1460055867, challenge: Password:
89: Received response: , session id 1460055867
90: Making authentication request for host 172.29.1.211, user test, session id: 1460055867
92: Authentication failed for user :test, pass :cisco5, session id :1460055867
93: retrying Authentication for user :test, pass :cisco5, session id:1460055867
94: Received response: , session id 1460055867
95: Making authentication request for host 172.29.1.211, user , session id: 1460055867
96: Processing challenge for user , session id: 1460055867, challenge: Username:
98: sending challenge to user: , challenge: Username: , session id: 1460055867
97: Processing challenge for user , session id: 1460055867, challenge: Username:
91: Processing a rejection for user <test>, session id: 1460055867
99: Received response: test, session id 1460055867
100: Making authentication request for host 172.29.1.211, user test, session id: 1460055867
101: Processing challenge for user test, session id: 1460055867, challenge: Password:
103: sending challenge to user: test, challenge: Password: , session id: 1460055867
102: Processing challenge for user test, session id: 1460055867, challenge: Password:
104: Received response: , session id 1460055867
105: Making authentication request for host 172.29.1.211, user test, session id: 1460055867
106: user: test authenticated, session id: 1460055867
108: telnet authentication complete for user: test, session id: 1460055867
107: Authorization for user: test checked against corresponding access-list, session id: 1460055867
109: telnet authentication complete for user: test, session id: 1460055867
110: uap freed for user test. remote address: 10.1.5.2, session id: 1460055867
PIX5(config)# sh uauth
                        Current    Most Seen
Authenticated Users       1          1
Authen In Progress        0          1
user 'test' at 172.29.6.1, authenticated
   access-list #ACSACL#-IP-testacl-43f286a7
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
PIX5(config)# sh access-l
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 1024)
            alert-interval 300
access-list 100; 1 elements
access-list 100 line 1 permit icmp any any (hitcnt=20)
access-list #ACSACL#-IP-testacl-43f286a7; 2 elements
access-list #ACSACL#-IP-testacl-43f286a7 line 1 permit icmp 172.29.6.0 255.255.255.0 10.1.5.0 255.255.255.0 (hitcnt=0)
access-list #ACSACL#-IP-testacl-43f286a7 line 2 permit tcp any any (hitcnt=1)
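The authentication debug lines above are printed out of sequence (77 and 78 appear after 83), and lines 92 and 93 record the rejected password in clear text. The following Python sketch is an added example, not part of the original post: it re-orders an excerpt of those lines by sequence number, summarizes the session, and masks the password field before the log is stored or shared. The regular expressions are assumptions derived only from the lines shown on this page.

```python
import re

# Excerpt of the PIX authentication debug lines from this page, in printed order.
DEBUG_LINES = """\
83: sending challenge to user: , challenge: Username: , session id: 1460055867
77: uap allocated. remote address: 10.1.5.2, Session_id: 1460055867
84: Received response: test, session id 1460055867
90: Making authentication request for host 172.29.1.211, user test, session id: 1460055867
92: Authentication failed for user :test, pass :cisco5, session id :1460055867
93: retrying Authentication for user :test, pass :cisco5, session id:1460055867
106: user: test authenticated, session id: 1460055867
110: uap freed for user test. remote address: 10.1.5.2, session id: 1460055867
""".splitlines()

# Patterns are assumptions based only on the line shapes above.
SEQ = re.compile(r"^(\d+):\s*(.*)$")
SESSION = re.compile(r"session[ _]id\s*:?\s*(\d+)", re.I)
PASSWORD = re.compile(r"pass\s*:(\S+?),")
FAILED = re.compile(r"Authentication failed for user\s*:(\S+?),")
SUCCESS = re.compile(r"user: (\S+) authenticated")


def summarize(lines):
    """Group debug lines by session id and report per-session findings."""
    sessions = {}
    for raw in lines:
        m, sid = SEQ.match(raw.strip()), SESSION.search(raw)
        if not (m and sid):
            continue
        s = sessions.setdefault(sid.group(1), {
            "events": [], "failed": [], "leaks": [], "authenticated": None})
        s["events"].append((int(m.group(1)), m.group(2)))
    for s in sessions.values():
        s["events"].sort()  # restore sequence order
        for seq, text in s["events"]:
            if FAILED.search(text):
                s["failed"].append(FAILED.search(text).group(1))
            if PASSWORD.search(text):
                s["leaks"].append(seq)  # record where, never the secret itself
            if SUCCESS.search(text):
                s["authenticated"] = SUCCESS.search(text).group(1)
    return sessions


def redact(line):
    """Mask the password field before a debug line is stored or shared."""
    return PASSWORD.sub("pass :<redacted>,", line)
```
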
Posted: 2006-12-14, modified: 2007-03-07 09:41. Viewed 1883 times, 0 comments.