扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
PIX-Shanghai> en
Password: **********
PIX-Shanghai# show run
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
na meif ethernet1 inside security100
enable password S2MnpAQ0MxnL encrypted
passwd pAQ0MxOQLJnL encrypted
hostname PIX-Shanghai
domain-name ciscofan.com
fixup protocol ftp21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 218.242.194.97 www.ciscofan.com
object-group network LAN_Interne_ICE
network-object 128.1.0.0 255.255.0.0
network-object 10.101.0.0 255.255.0.0
network-object 10.102.0.0 255.254.0.0
network-object 10.104.0.0 255.248.0.0
network-object 10.112.0.0 255.252.0.0
network-object 10.116.0.0 255.254.0.0
network-object 192.168.10.0 255.255.254.0
network-object 192.168.12.0 255.255.252.0
network-object 192.168.16.0 255.255.240.0
network-object 192.168.32.0 255.255.240.0
network-object 192.168.48.0 255.255.254.0
network-object 192.168.50.0 255.255.255.0
object-group network LAN_Remota
network-object 10.200.62.0 255.255.255.0
access-list acl_out permit ip any any
access-list acl_out permit icmp any any
access-list acl_in permit ip any any
access-list acl_in permit icmp any any
access-list acl_nat0 permit ip object-group LAN_Remota object-group LAN_Interne_
ICE
access-list cryptomap permit ip object-group LAN_Remota object-group LAN_Interne
_ICE
pager lines 24
logging on
logging timestamp
logging trap debugging
logging host outside 212.17.199.170
icmp permit host 212.17.199.170 outside
icmp permit host 212.17.199.198 outside
icmp permit host 217.56.45.123 outside
icmp permit host 217.56.45.122 outside
icmp permit host 80.23.50.226 outside
icmp permit host 212.17.199.167 outside
icmp permit host 217.17.199.198 outside
icmp permit host 80.20.218.100 outside
icmp permit host 80.20.218.108 outside
icmp permit host 211.152.x.x outside
mtu outside 1500
mtu inside 1500
ip address outside 211.152.x.x 255.255.255.240
ip address inside 10.200.62.1 255.255.255.0
ip audit name ids_attack attack action drop reset
ip audit interface outside ids_attack
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 211.152.x.x
nat (inside) 0 access-list acl_nat0
nat (inside) 1 10.200.62.0 255.255.255.0 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 211.152.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
ntp server 193.204.114.232 source outside
http server enable
http 212.17.199.170 255.255.255.255 outside
http 212.17.199.198 255.255.255.255 outside
http 217.56.45.123 255.255.255.255 outside
http 217.56.45.122 255.255.255.255 outside
snmp-server host outside 212.17.199.170
snmp-server host outside 212.17.199.198
no snmp-server location
no snmp-server contact
snmp-server community ciscofanvpn
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address cryptomap
crypto map outside_map 20 set peer 213.215.136.251
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 20 set security-association lifetime seconds 120 kilobyte
s 4608000
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 120
ca identity ca1 www.ciscofan.com:/certsrv/mscep/mscep.dll
ca configure ca1 ra 1 20 crloptional
telnet timeout 5
ssh 212.17.199.170 255.255.255.255 outside
ssh 212.17.199.198 255.255.255.255 outside
ssh 217.56.45.123 255.255.255.255 outside
ssh 217.56.45.122 255.255.255.255 outside
ssh 80.23.50.226 255.255.255.255 outside
ssh 212.17.199.167 255.255.255.255 outside
ssh 80.20.218.100 255.255.255.255 outside
ssh 80.20.218.108 255.255.255.255 outside
ssh timeout 60
console timeout 0
terminal width 80
Cryptochecksum:e99eb892f5c2b5d02540352ad9d72cce
: end
PIX-Shanghai#
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。