通信人家园

Title: [Help] Can any expert solve this?

Time: 2005-10-16 11:50
Author: qhqhhh     Title: [Help] Can any expert solve this?

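We have a government network with more than 400 computers. A CATALYST 4000 switch is to be used to isolate the internal and external networks while also providing network address translation, and above it the network connects to the Internet through a cisco systems pix520 firewall series firewall. We now need to assign 8 external IP addresses, for example 213.95.250.9-213.95.250.15, with subnet ID 213.95.250.8, and at the same time add a mail server inside the firewall. The problem now is: I have never configured a cisco systems pix520 firewall series, and the customer has no documentation either. How should this firewall be configured?
Below is the current configuration of the cisco systems pix520 firewall series: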

PIX Version 4.4(4)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password 2KFQnbNIdI.2KYOU encrypted

passwd UydVfYufgxdNfcwl encrypted

hostname pixfirewall

fixup protocol ftp 21

fixup protocol http 80

fixup protocol smtp 25

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol sqlnet 1521

names

pager lines 24

no logging timestamp

no logging console

no logging monitor

no logging buffered

logging trap debugging

logging facility 20

logging queue 512

interface ethernet0 auto

<--- More --->
              
interface ethernet1 auto

mtu outside 1500

mtu inside 1500

ip address outside 61.243.121.10 255.255.255.248

ip address inside 192.168.0.1 255.255.255.0

no failover

failover timeout 0:00:00

failover ip address outside 0.0.0.0

failover ip address inside 0.0.0.0

arp timeout 14400

global (outside) 1 61.243.121.11 netmask 255.255.255.248

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

conduit permit tcp host 61.243.121.11 eq www any

conduit permit tcp host 61.243.121.11 eq smtp any

conduit permit tcp host 61.243.121.11 eq pop3 any

conduit permit tcp host 61.243.121.11 eq domain any

conduit permit tcp host 61.243.121.11 eq 2000 any

established tcp 25 permitto tcp 25 permitfrom tcp 25

established tcp 110 permitto tcp 110 permitfrom tcp 110

established tcp 53 permitto tcp 53 permitfrom tcp 53

established tcp 80 permitto tcp 80 permitfrom tcp 80

outbound   1 permit 0.0.0.0 0.0.0.0 0 tcp

apply (inside) 1 outgoing_src

no rip outside passive

<--- More --->
              
no rip outside default

rip inside passive

rip inside default

route outside 0.0.0.0 0.0.0.0 61.243.121.9 1

timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00

timeout rpc 0:10:00 h323 0:05:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

telnet timeout 5

no floodguard enable

terminal width 80

Cryptochecksum:79a109013579c0f0003939865ea86656


pixfirewall# show version


PIX Version 4.4(4)

Compiled on Thu 06-Jan-00 16:07 by pixbuild


pixfirewall up 17 days 7 hours


Hardware:   SE440BX2, 128 MB RAM, CPU Pentium II 349 MHz

Flash strata @ base 0x300

0: ethernet0: address is 00d0.b7af.0713, irq 11

1: ethernet1: address is 00d0.b7af.0711, irq 10

Licensed Connections: 128

Serial Number:        18037732


pixfirewall#

[This post was edited by the author on 2005-10-16 11:51:36]


Time: 2005-10-16 12:36
Author: wansure

Just passing by, sorry.

Time: 2005-10-21 10:37
Author: legend8179

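It shouldn't be hard to find material on configuring Cisco firewalls. Determine the security policy and access rules based on the requirements, then configure it. It's only a few commands, not very complicated.

Time: 2005-10-23 00:54
Author: qhqhhh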

But I couldn't find any relevant material online. There is plenty for routers, but nothing for firewalls.

Time: 2005-10-23 09:43
Author: Tonylu

There is a lot of material online.
Let me recommend a Cisco technical website.
http://www.net130.com/class/cisco_tech/

Time: 2005-10-23 12:01
Author: 中坚分子

It's pretty tedious.




通信人家园 (https://www.txrjy.com/) Powered by C114