Cisco防火墙的安装流程Word格式文档下载.docx
《Cisco防火墙的安装流程Word格式文档下载.docx》由会员分享,可在线阅读,更多相关《Cisco防火墙的安装流程Word格式文档下载.docx(9页珍藏版)》请在冰豆网上搜索。
enable,进入特权模式,此时系统提示为pixfirewall#。
4.
configure
terminal,对系统进行初始化设置。
5.
配置以太口参数:
interface
ethernet0
auto
(auto选项表明系统自适应网卡类型
)
ethernet1
6.
配置内外网卡的IP地址:
ip
address
inside
ip_address
netmask
outside
7.
指定外部地址范围:
global
1
ip_address-ip_address
8.
指定要进行要转换的内部地址:
nat
9.
设置指向内部网和外部网的缺省路由
route
0
inside_default_router_ip_address
outside_default_router_ip_address
10.
配置静态IP地址对映:
static
ip_address
11.
设置某些控制选项:
conduit
global_ip
port[-port]
protocol
foreign_ip
[netmask]
指的是要控制的地址
port
指的是所作用的端口,其中0代表所有端口
指的是连接协议,比如:
TCP、UDP等
表示可访问global_ip的外部ip,其中表示所有的ip。
12.
设置telnet选项:
telnet
local_ip
[netmask]
表示被允许通过telnet访问到pix的ip地址(如果不设此项,
PIX的配
置只能由consle方式进行)。
13.
将配置保存:
wr
mem
14.
几个常用的网络测试命令:
#ping
#show
查看端口状态
查看静态地址映射
pix515接入实例
日期:
2005-3-7
浏览次数:
6625
pix>
enable
pix#conft
pix(config)enablepasswordciscoencry
pix(config)#interfaceeth0auto
pix(config)#interfaceeth1auto
pix(config)#interfaceeth2auto
pix(config)#nameife2DMZsecurity50
pix(config)#ipaddinside10.110.245.1255.255.255.0
pix(config)#ipaddoutside211.137.252.192255.255.255.240
pix(config)#ipadddmz10.11.0.245255.255.255.0
pix(config)#static(dmz,outside)tcp211.137.252.19580192.168.0.2980netmask255.255.255.25500
pix(config)#static(dmz,outside)tcp211.137.252.195443192.168.0.29443netmask255.255.255.25500
conduitpermittcphost211.137.252.195eq80any
conduitpermittcphost211.137.252.195eq443any
;
web服务器的静态映射
pix(config)#static(dmz,outside)tcp211.137.252.19680192.168.0.3480netmask255.255.255.25500
pix(config)#static(dmz,outside)tcp211.137.252.196443192.168.0.34443netmask255.255.255.25500
pix(config)#static(dmz,outside)tcp211.137.252.19625192.168.0.3425netmask255.255.255.25500
conduitpermittcphost211.137.252.196eq80any
conduitpermittcphost211.137.252.196eq443any
conduitpermittcphost211.137.252.196eq25any
邮件服务器的静态映射
pix(config)#static(dmz,outside)tcp211.137.252.19780192.168.0.2080netmask255.255.255.25500
pix(config)#static(dmz,outside)tcp211.137.252.197554192.168.0.20554netmask255.255.25500
pix(config)#static(dmz,outside)tcp211.137.252.1971755192.168.0.201755netmask255.255.255.25500
pix(config)#static(dmz,outside)udp211.137.252.1971755192.168.0.201755netmask255.255.255.25500
pix(config)#static(dmz,outside)udp211.167.252.1975005192.168.0.205005netmask255.255.255.25500
conduitpermittcphost211.137.252.197eq80any
conduitpermittcphost211.137.252.197eq554any
conduitpermittcphost211.137.252.197eq1755any
conduitpermitudphost211.137.252.197eq1755any
conduitpermitudphost211.137.252.197eq5005any
配置vod1服务器的静态映射
pix(config)#static(dmz,outside)tcp211.137.252.19880192.168.0.2180netmask255.255.255.25500
pix(config)#static(dmz,outside)tcp211.137.252.198554192.168.0.21554netmask255.255.255.25500
pix(config)#static(dmz,outside)tcp211.137.252.1981755192.168.0.211755netmask255.255.255.25500
pix(config)#static(dmz,outside)udp211.137.252.1981755192.168.0.211755netmask255.255.255.25500
pix(config)#static(dmz,outside)udp211.137.252.1985005192.168.0.215005netmask255.255.255.25500
conduitpermittcphost211.137.252.198eq80any
conduitpermittcphost211.137.252.198eq554any
conduitpermittcphost211.137.252.198eq1755any
conduitpermitudphost211.137.252.198eq1755any
conduitpermitudphost211.137.252.198eq5005any
配置vod2服务器的静态映射
pix(config)#ipaccess-listextendedmz
pix(config)#permittcp192.168.0.200.0.0.3800110.110.245.410.0.0.38001
pix(config)#permittcp192.168.0.200.0.0.3800210.110.245.410.0.0.38002
对DMZ区中的两台流媒体服务器开放对这3台服务器在8001、8002端口上(皆为TCP端口)的入站请求
pix(config)#permittcp192.168.0.250.0.0.75310.110.245.100.0.0.353
pix(config)#permittcp192.168.0.250.0.0.78810.110.245.100.0.0.388
pix(config)#permittcp192.168.0.250.0.0.713510.110.245.100.0.0.3135
pix(config)#permittcp192.168.0.250.0.0.713710.110.245.100.0.0.3137
pix(config)#permittcp192.168.0.250.0.0.713910.110.245.100.0.0.3139
pix(config)#permittcp192.168.0.250.0.0.738910.110.245.100.0.0.3389
pix(config)#permittcp192.168.0.250.0.0.744510.110.245.100.0.0.3445
pix(config)#permittcp192.168.0.250.0.0.763610.110.245.100.0.0.3636
pix(config)#permittcp192.168.0.250.0.0
升级会员 