
Course material: Advanced Certificate in Information Technology - Sanlein part 60 pps

fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list aclout deny tcp any any eq www
access-list aclout permit tcp 10.10.10.0 255.255.255.0 host 209.162.1.2 eq telnet
access-list aclout permit tcp host 10.10.10.10 host 172.16.1.2 eq www
access-list aclout permit ip any any
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 209.162.1.1 255.255.255.0
ip address inside 10.10.10.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address dmz 0.0.0.0
pdm history enable
arp timeout 14400
global (outside) 1 209.162.1.30
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (dmz,outside) 209.162.1.10 172.16.1.2 netmask 255.255.255.255 0 0
static (inside,outside) 209.162.1.9 10.10.10.10 netmask 255.255.255.255 0 0
static (inside,dmz) 172.16.1.5 10.10.10.10 netmask 255.255.255.255 0 0
access-group aclout in interface inside
conduit permit tcp host 209.162.1.10 eq www any
conduit permit tcp host 209.162.1.9 eq www any
conduit permit tcp host 209.162.1.9 eq telnet any
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 209.162.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 2
ssh timeout 5
terminal width 80
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

2503#sh run
Building configuration
Current configuration : 569 bytes
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname 2503
enable password cisco
ip subnet-zero
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
interface Ethernet0
 ip address 209.162.1.2 255.255.255.0
interface Serial0
 no ip address
 shutdown
 no fair-queue
interface Serial1
 no ip address
 shutdown
interface BRI0
 no ip address
 shutdown
ip classless
ip http server
line con 0
line aux 0
line vty 0 4
 no login
end

dmz#sh run
Building configuration
Current configuration : 569 bytes
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname dmz
enable password cisco
ip subnet-zero
interface Ethernet0
 ip address 172.16.1.2 255.255.255.0
interface Serial0
 no ip address
 shutdown
 no fair-queue
interface Serial1
 no ip address
 shutdown
interface BRI0
 no ip address
 shutdown
ip classless
ip http server
line con 0
line aux 0
line vty 0 4
 no login
end

Step-by-step configuration:

1. Command-line interface

When you first access the PIX you are in unprivileged mode; use the enable command to enter privileged mode.

pixfirewall> enable
password:
=> Before entering enable mode, the PIX asks for a password. By default there is no password at all, so just press Enter.

pixfirewall# disable
pixfirewall>
<= Use disable to return the PIX to unprivileged mode.

pixfirewall> ?
=> Shows which commands can be used in this mode.

pixfirewall# configure terminal
pixfirewall(config)#
=> The PIX is now in configuration mode, where everything on the PIX can be configured.
=> All commands available in unprivileged and privileged modes can also be used in this mode.
Before configuring, use the show run command to view the default configuration of the PIX:

pixfirewall# sh run
=> The write terminal command can also be used to view it.

: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto shutdown
interface ethernet1 auto shutdown
interface ethernet2 auto shutdown
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 127.0.0.1 255.255.255.255
ip address inside 127.0.0.1 255.255.255.255
ip address dmz 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address dmz 0.0.0.0
pdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00
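The aclout list in the configured PIX above is applied inbound on the inside interface and evaluated top-down, first match wins, so entry order decides the outcome. As an added example (not part of the original course material), this Python sketch models that evaluation for the four aclout entries and reports entries that an earlier entry fully covers; the parser is an assumption-limited model that handles only the `any`, `host A`, `network netmask` and `eq port` forms used on this page.

```python
import ipaddress

PORTS = {"www": 80, "telnet": 23}  # only the named ports used on this page

# The four aclout entries, copied from the PIX configuration on this page.
ACLOUT = """\
access-list aclout deny tcp any any eq www
access-list aclout permit tcp 10.10.10.0 255.255.255.0 host 209.162.1.2 eq telnet
access-list aclout permit tcp host 10.10.10.10 host 172.16.1.2 eq www
access-list aclout permit ip any any
"""

def _addr(tok):  # consume one address spec: 'any', 'host A' or 'network netmask'
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")  # PIX ACLs take netmasks

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]  # drop 'access-list <name>'
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = PORTS[tok[1]] if tok[:1] == ["eq"] else None  # None = any port
        rules.append((action, proto, src, dst, port))
    return rules

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a[1] in ("ip", b[1]) and b[2].subnet_of(a[2])
            and b[3].subnet_of(a[3]) and a[4] in (None, b[4]))

def shadowed(rules):
    """1-based positions of entries fully covered by an earlier entry."""
    return [i + 1 for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]

def decide(rules, proto, src, dst, port):
    """First-match evaluation; the implicit final rule is deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rdst, rport in rules:
        if rproto in ("ip", proto) and s in rsrc and d in rdst and rport in (None, port):
            return action
    return "deny"

if __name__ == "__main__":
    print("shadowed entries:", shadowed(parse(ACLOUT)))
```

The third entry (permit www from 10.10.10.10 to 172.16.1.2) is reported as shadowed because the first entry already denies all www traffic; for the permit to take effect it would have to be placed before the deny.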

Posted: 07/07/2014, 23:20
