结构图如下:
PIX 520
Two Interface Multiple Server Configuration
nameif ethernet0 outside security0
nameif ethernet0 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address inside 10.1.1.1 255.0.0.0
ip address outside 204.31.17.10 255.255.255.0
logging on
logging host 10.1.1.11
logging trap 7
logging facility 20
no logging console
arp timeout 600
nat (inside) 1 10.0.0.0 255.0.0.0
nat (inside) 2 192.168.3.0 255.255.255.0
global (outside) 1 204.31.1.25-204.31.17.27
global (outside) 1 204.31.1.24
global (outside) 2 192.159.1.1-192.159.1.254
conduit permit icmp any any
outbound 10 deny 192.168.3.3 255.255.255.255 1720
outbound 10 deny 0 0 80
outbound 10 permit 192.168.3.3 255.255.255.255 80
outbound 10 deny 192.168.3.3 255.255.255.255 java
outbound 10 permit 10.1.1.11 255.255.255.255 80
apply (inside) 10 outgoing_src
no rip outside passive
no rip outside default
rip inside passive
rip inside default
route outside 0 0 204.31.17.1.1
tacacs-server host 10.1.1.12 lq2w3e
aaa authentication any inside 192.168.3.0 255.255.255.0 0 0 tacacs+
aaa authentication any inside 192.168.3.0 255.255.255.0 0 0
static (inside,outside) 204.31.19.0 192.168.3.0 netmask 255.255.255.0
conduit permit tcp 204.31.19.0 255.255.255.0 eg h323 any
static (inside,outside) 204.31.17.29 10.1.1.11
conduit permit tcp host 204.31.17.29 eq 80 any
conduit permit udp host 204.31.17.29 eq rpc host 204.31.17.17
conduit permit udp host 204.31.17.29 eq 2049 host 204.31.17.17
static (inside.outside) 204.31.1.30 10.1.1.3 netmask 255.255.255.255 10 10
conduit permit tcp host 204.31.1.30 eq smtp any
conduit permit tcp host 204.31.1.30 eq 113 any
snmp-server host 192.168.3.2
snmp-server location building 42
snmp-server contact polly hedra
snmp-server community ohwhatakeyisthee
telnet 10.1.1.11 255.255.255.255
telnet 192.168.3.0 255.255.255.0
posted on 2007-03-06 08:58 kangnet 阅读(2068)
评论(0) 编辑 收藏