Nhiệm vụ 2: cấu hình các giao diện PIXFirewall

Một phần của tài liệu Network Security and The Cisco PIX Firewall P5 (Trang 38 - 41)

Để cấu hình giao diện Ethernet, hoàn thành các bước sau:

Bước 1: thay đổi chế độ cấu hình

pixP# configure terminal

Bước 2: gán giao diện DMZ một tên DMZ và mức an ninh là 50

pixP(config)# nameif e2 dmz security50 pixP(config)# show nameif

nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50 nameif ethernet3 intf3 security15 nameif ethernet4 intf4 security20 nameif ethernet5 intf5 security25

Bước 3: Cho phép giao diện Ethernet 0, Ethernet 1, Ethernet 2 truyền thông ở tốc độ song công hoàn toàn 100Mbps

Note: mặc định các giao diện bị tắt. Bạn cần kích hoạt tất cả các giao diện bạn

muốn sử dụng

pixP(config)# interface e0 100full pixP(config)# interface e1 100full pixP(config)# interface e2 100full pixP(config)# show interface

interface ethernet0 "outside" is up, line protocol is up Hardware is i82558 ethernet, address is 0090.2724.fd0f IP address 127.0.0.1, subnet mask 255.255.255.255 MTU 1500 bytes, BW 10000 Kbit half duplex 0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

interface ethernet1 "inside" is up, line protocol is up Hardware is i82558 ethernet, address is 0090.2716.43dd IP address 127.0.0.1, subnet mask 255.255.255.255 MTU 1500 bytes, BW 100000 Kbit full duplex 184 packets input, 15043 bytes, 0 no buffer Received 179 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

interface ethernet2 "dmz" is up, line protocol is up

Hardware is i82558 ethernet, address is 0090.2725.060d IP address 127.0.0.1, subnet mask 255.255.255.255 MTU 1500 bytes, BW 10000 Kbit half duplex 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

interface ethernet3 "intf3" is administratively down, line protocol is down Hardware is i82558 ethernet, address is 0090.2716.43dc

IP address 127.0.0.1, subnet mask 255.255.255.255 MTU 1500 bytes, BW 100000 Kbit full duplex 184 packets input, 15043 bytes, 0 no buffer

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

interface ethernet4 "intf4" is administratively down, line protocol is down Hardware is i82558 ethernet, address is 0090.2716.43db

IP address 127.0.0.1, subnet mask 255.255.255.255 MTU 1500 bytes, BW 100000 Kbit full duplex 184 packets input, 15043 bytes, 0 no buffer Received 179 broadcasts, 0 runts, 0 giants (adsbygoogle = window.adsbygoogle || []).push({});

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

interface ethernet5 "intf5" is administratively down, line protocol is down Hardware is i82558 ethernet, address is 0090.2716.43da

IP address 127.0.0.1, subnet mask 255.255.255.255 MTU 1500 bytes, BW 100000 Kbit full duplex 184 packets input, 15043 bytes, 0 no buffer Received 179 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

Bước 4: gán địa chỉ IP cho các card giao diện inside, outside và DMZ

pixP(config)# ip address outside 192.168.P.2 255.255.255.0 pixP(config)# ip address inside 10.0.P.1 255.255.255.0 pixP(config)# ip address dmz 172.16.P.1 255.255.255.0

(P = pod number)

Bước 5: Đảm bảo các địa chỉ IP được cấu hình đúng và kết hợp đúng với các giao diện mạng

pixP(config)# show ip address

System IP Addresses: ip address outside 192.168.P.2 255.255.255.0 ip address inside 10.0.P.1 255.255.255.0 ip address dmz 172.16.P.1 255.255.255.0 ip address intf3 127.0.0.1 255.255.255.255 ip address intf4 127.0.0.1 255.255.255.255 ip address intf5 127.0.0.1 255.255.255.255 Current IP Addresses: ip address outside 192.168.P.2 255.255.255.0 ip address inside 10.0.P.1 255.255.255.0 ip address dmz 172.16.P.1 255.255.255.0 ip address intf3 0.0.0.0 0.0.0.0 ip address intf4 0.0.0.0 0.0.0.0 ip address intf5 0.0.0.0 0.0.0.0

Bước 6: Ghi lại cấu hình vào bộ nhớ Flash

pixP(config)# write memory

Building configuration...

Cryptochecksum: d4d9ae69 9f7c734c babeef58 54b69c91

Một phần của tài liệu Network Security and The Cisco PIX Firewall P5 (Trang 38 - 41)

(47 trang)