分类: 网络与安全

2009-07-13 19:43:12

pixfirewall(config-network)# sh run
! PIX running-config as posted: object-group definitions and their use in the
! ACL that is bound inbound on the outside interface.
interface Ethernet0
 nameif inside
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet1
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.255.255.0
!
! Service group 10: ports 23 (telnet), www (80) and 21 (ftp), typed tcp-udp.
! NOTE(review): telnet and ftp carry credentials in cleartext.
object-group service 10 tcp-udp           ----服务对象分组
 port-object eq 23
 port-object eq www
 port-object eq 21
! Network group 20: two host entries (the addresses of R1's Loopback0 and
! Loopback1 in the R1 listing on this page).
object-group network 20                   ----网络对象分组
 network-object 1.1.1.1 255.255.255.255
 network-object 1.2.1.1 255.255.255.255
! Protocol group 50: defined but not referenced by any ACL in this listing.
object-group protocol 50                  ----协议对象分组(没有被调用,道理都是一样)
 protocol-object tcp
 protocol-object udp
 protocol-object icmp
! ICMP-type group 100: defined but not referenced by any ACL in this listing.
object-group icmp-type 100                ----ICMP类型对象分组(没有被调用,道理都是一样)
 icmp-object echo
 icmp-object echo-reply
! ACL "nat": selects sources in 1.0.0.0/8 for the nat (inside) 1 rule below.
access-list nat extended permit ip 1.0.0.0 255.0.0.0 any
! ACL "permit", entry 1: allows every IP protocol from any source to
! 192.168.1.1, the outside interface address. The only static in this listing
! publishes tcp/telnet on that address.
! NOTE(review): `permit tcp any host 192.168.1.1 eq telnet` would match that
! static with less exposure - confirm nothing else depends on the wider entry.
access-list permit extended permit ip any host 192.168.1.1
! ACL "permit", entry 2: references object-groups 10 and 20.
! NOTE(review): a service object-group placed directly after the source (`any`)
! is normally read as the source-port match, which would leave group 20 as the
! destination with no destination-port limit. If destination ports were
! intended, the order would be `object-group 20 object-group 10` - verify on
! the device.
access-list permit extended permit tcp any object-group 10 object-group 20    ----调用对象分组
! Inside sources matched by ACL "nat" are translated to the outside interface
! address.
global (outside) 1 interface
nat (inside) 1 access-list nat
! Publishes tcp/telnet on the outside interface address to 1.1.1.1 telnet.
! NOTE(review): this puts a cleartext login service on the security-level 0
! side; SSH is the usual replacement.
static (inside,outside) tcp interface telnet 1.1.1.1 telnet netmask 255.255.255.255
! Binds ACL "permit" to traffic arriving on the outside interface.
access-group permit in interface outside
route inside 1.0.0.0 255.0.0.0 172.16.1.2 1
route outside 2.2.2.0 255.255.255.0 192.168.1.2 1
! NOTE(review): no interface with nameif dmz appears in this listing; the
! output looks abridged - confirm.
route dmz 3.3.3.0 255.255.255.0 10.10.1.2 1
pixfirewall(config-network)#
R1#sh run
! R1 running-config as posted: the router behind the PIX inside interface.
! Type 0 means the password is stored unencrypted in the config, and here it
! equals the username. The session transcript further down this page logs in
! with this account through 192.168.1.1.
! NOTE(review): `username ... secret` stores a hash instead of the plain value.
username user password 0 user
!
! Loopback0/Loopback1 addresses are the two hosts listed in the PIX
! object-group network 20.
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
 ip address 1.2.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 172.16.1.2 255.255.255.0
 duplex auto
 speed auto
!
! Default route points at the PIX inside address.
ip route 0.0.0.0 0.0.0.0 172.16.1.1
! vty logins authenticate against the local username database (login local).
! NOTE(review): no `transport input` line is shown, so the accepted protocols
! depend on the platform default - confirm. The transcript on this page shows
! telnet being accepted.
line vty 0 4
 logging synchronous
 login local
R1#
R2#sh run
! R2 running-config as posted: the router on the PIX outside segment, used as
! the client in the session transcript that follows.
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! HTTP server enabled, HTTPS server disabled: any web management on this
! router is cleartext only.
! NOTE(review): nothing else in this listing appears to use the HTTP server;
! `no ip http server` would remove the listener if it is not needed.
ip http server
no ip http secure-server
! Default route points at the PIX outside address.
ip route 0.0.0.0 0.0.0.0 192.168.1.1
R2#
R2#192.168.1.1
Trying 192.168.1.1 ... Open

User Access Verification
Username: user
Password:
R1>q
[Connection to 192.168.1.1 closed by foreign host]
R2#