扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
基本配置步骤
1. 用Null Modem(DTE—DTE)线连接Console口(9600-N-8-1)
2. 进入Enable,用enable(第一次口令为空)
3. 进入配置状态,用configure terminal
4. 配置Telnet和Enable口令 Telnet:passwd xxxxxxx
Enable: enable passwd xxxxxxx
5. 配置Hostname,用hostname pix
6. 配置Ethernet Interface interface ethernet outside auto(外部网卡类型)
interface ethernet inside auto(内部网卡类型) ip address inside 10.1.1.1 255.255.0.0(内部网卡IP) ip address outside 192.31.7.1 255.255.255.0(外部网卡IP)
7. 配置Global IP,用global 1 192.31.7.128-192.31.7.252
8. 配置NATIP,用nat 1 10.1.0.0 255.255.0.
9. 配置Route
10. 限制Telnet到PIX的主机IP(只能是私有IP),用telnet 10.1.1.252 255.255.255.255
11. 保存配置,用write memory
12. 退出,用quit
可选配置
1. 配置SYSLOGsyslog output 20.7 facility = Local4 (20) Level = debug (7)
no syslog console
syslog host 10.1.1.254
2. 配置Static IP及
对外Web服务 Static: static 192.31.7.254 10.1.1.254
conduit 192.31.7.254 80 tcp 0.0.0.0 0.0.0.0 (允许外部Host访问Web端口)
3. 配置Mailhost
Mailhost: mailhost 192.31.7.253 10.1.1.253
conduit 192.31.7.253 25 tcp 0.0.0.0 0.0.0.0 (允许外部Host访问SMTP端口)
4. 配置Access
Control
(缺省不配置)
outbound 10 deny 0.0.0.0 0.0.0.0 (deny所有Tcp访问)
outbound 10 permit 0.0.0.0 0.0.0.0 21 (permit所有Ftp访问)
outbound 10 permit 0.0.0.0 0.0.0.0 23 (permit所有Telnet访问)
outbound 10 permit 0.0.0.0 0.0.0.0 110 (permit所有POP3访问)
outbound 10 permit 10.1.1.253 255.255.255.255 25(permit该IP访问外部SMTP主机)
apply 10 outgoing_src (使Access Control生效,以源地址为控制对象)
附:配置文件:
: Saved
:
PIX Version 4.0.7
enable password Pq3YLuPkVBVUDLjn encrypted
passwd C4kSfJjCHk1gkyo7 encrypted
hostname pix
failover
names
syslog output 20.7
no syslog console 配置SYSLOG
syslog host 10.1.1.254
interface ethernet outside auto
interface ethernet inside auto
ip address inside 10.1.1.1 255.255.0.0 配置Ethernet Interface
ip address outside 192.31.7.1 255.255.255.0
arptimeout 14400
global 1 192.31.7.128-192.31.7.252
nat 1 10.1.0.0 255.255.0.0
static 192.31.7.254 10.1.1.254
mailhost 192.31.7.253 10.1.1.253
conduit 192.31.7.254 80 tcp 0.0.0.0 0.0.0.0
conduit 192.31.7.253 25 tcp 0.0.0.0 0.0.0.0
outbound 10 deny 0.0.0.0 0.0.0.0
outbound 10 permit 0.0.0.0 0.0.0.0 21
outbound 10 permit 0.0.0.0 0.0.0.0 23
outbound 10 permit 0.0.0.0 0.0.0.0 110 配置Access Control
outbound 10 permit 10.1.1.253 255.255.255.255 25
apply 10 outgoing_src
age 10
no ripoutside passive
no rip outside default
no rip inside passive 配置Route
no rip inside default
route outside 0.0.0.0 0.0.0.0 192.31.7.1 1
route inside 0.0.0.0 0.0.0.0 10.1.1.1 1
timeout xlate 1:00:00 conn 12:00:00 udp 1:00:00
timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00
no snmp-server location
no snmp-server contact
telnet 10.1.1.252 255.255.255.255
mtu outside 1500
mtu inside 1500
: end
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。