下面简单列出PIX 520 的基本配置
1.Configure without NAT
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 202.109.77.1 255.255.255.0 (假设对外端口地址)
ip address inside 10.1.0.9 255.255.255.0(假设内部网络为:10.1.0.0)
hostname bluegarden
arp timeout 14400
no failover
names
pager lines 24
logging buffered debugging
nat (inside) 0 0 0
rip inside default
no rip inside passive
no rip outside default
rip outside passive
route outside 0.0.0.0 0.0.0.0 202.109.77.2 1(外连设备的内部端口地址)
timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server community public
mtu outside 1500
mtu inside 1500
2.Configure with NAT
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 202.109.77.1 255.255.255.0 (假设对外端口地址)
ip address inside 10.1.0.9 255.255.255.0(假设内部网络为:10.1.0.0)
hostname bluegarden
arp timeout 14400
no failover
names
pager lines 24
logging buffered debugging
nat (inside) 1 0 0
global (outside) 1 202.109.77.10-202.109.77.20
global (outside) 1 202.109.22.21
no rip inside default
no rip inside passive
no rip outside default
no rip outside passive
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 202.109.77.2 1(外连设备的内部端口地址)
timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server community public
mtu outside 1500
mtu inside 1500
阅读(552) | 评论(0) | 转发(0) |
