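We have a government network with more than 400 computers. A CATALYST 4000 switch is to isolate the internal and external networks and also provide network address translation; above it, a cisco systems pix520 firewall series firewall connects the site to the Internet. We now need to assign 8 external IPs, for example 213.95.250.9-213.95.250.15, with subnet ID 213.95.250.8, and at the same time add a mail server inside the firewall. The problem is that I have never configured a cisco systems pix520 firewall series, and the customer has no documentation either. How should this firewall be configured?
Below is the current configuration of the cisco systems pix520 firewall series: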
PIX Version 4.4(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 2KFQnbNIdI.2KYOU encrypted
passwd UydVfYufgxdNfcwl encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
names
pager lines 24
no logging timestamp
no logging console
no logging monitor
no logging buffered
logging trap debugging
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
mtu outside 1500
mtu inside 1500
ip address outside 61.243.121.10 255.255.255.248
ip address inside 192.168.0.1 255.255.255.0
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
arp timeout 14400
global (outside) 1 61.243.121.11 netmask 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit tcp host 61.243.121.11 eq www any
conduit permit tcp host 61.243.121.11 eq smtp any
conduit permit tcp host 61.243.121.11 eq pop3 any
conduit permit tcp host 61.243.121.11 eq domain any
conduit permit tcp host 61.243.121.11 eq 2000 any
established tcp 25 permitto tcp 25 permitfrom tcp 25
established tcp 110 permitto tcp 110 permitfrom tcp 110
established tcp 53 permitto tcp 53 permitfrom tcp 53
established tcp 80 permitto tcp 80 permitfrom tcp 80
outbound 1 permit 0.0.0.0 0.0.0.0 0 tcp
apply (inside) 1 outgoing_src
no rip outside passive
no rip outside default
rip inside passive
rip inside default
route outside 0.0.0.0 0.0.0.0 61.243.121.9 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet timeout 5
no floodguard enable
terminal width 80
Cryptochecksum:79a109013579c0f0003939865ea86656
pixfirewall# show version
PIX Version 4.4(4)
Compiled on Thu 06-Jan-00 16:07 by pixbuild
pixfirewall up 17 days 7 hours
Hardware: SE440BX2, 128 MB RAM, CPU Pentium II 349 MHz
Flash strata @ base 0x300
0: ethernet0: address is 00d0.b7af.0713, irq 11
1: ethernet1: address is 00d0.b7af.0711, irq 10
Licensed Connections: 128
Serial Number: 18037732
pixfirewall#
[This post was edited by the author on 2005-10-16 11:51:36]
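An added example, not part of the original post: a Python script that lists which lines of the posted configuration reference the current outside subnet, and so have to change when the outside addressing moves, and that works out the assignable addresses of the new block. It assumes the new block is a /29 (8 addresses, subnet ID 213.95.250.8); `CONFIG` holds only the address-bearing lines copied from the dump above, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the address-bearing lines copied from the posted config.
CONFIG = """\
ip address outside 61.243.121.10 255.255.255.248
ip address inside 192.168.0.1 255.255.255.0
global (outside) 1 61.243.121.11 netmask 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit tcp host 61.243.121.11 eq www any
conduit permit tcp host 61.243.121.11 eq smtp any
conduit permit tcp host 61.243.121.11 eq pop3 any
conduit permit tcp host 61.243.121.11 eq domain any
conduit permit tcp host 61.243.121.11 eq 2000 any
route outside 0.0.0.0 0.0.0.0 61.243.121.9 1
"""

# Assumption: 8 addresses with subnet ID 213.95.250.8 means a /29.
NEW_NET = ipaddress.ip_network("213.95.250.8/29")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def outside_network(config):
    """Derive the current outside subnet from the 'ip address outside' line."""
    m = re.search(r"^ip address outside (\S+) (\S+)$", config, re.M)
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network

def lines_to_renumber(config):
    """Return (line, [addresses]) for every line using an old outside address."""
    old = outside_network(config)
    hits = []
    for line in config.splitlines():
        addrs = [a for a in IPV4.findall(line)
                 if ipaddress.ip_address(a) in old]
        if addrs:
            hits.append((line, addrs))
    return hits

def usable_hosts(net):
    """Addresses that can be assigned to devices (no network/broadcast)."""
    return [str(h) for h in net.hosts()]

if __name__ == "__main__":
    print("old outside subnet:", outside_network(CONFIG))
    for line, addrs in lines_to_renumber(CONFIG):
        print(f"  change {addrs}: {line}")
    print("new subnet:", NEW_NET, "assignable:", usable_hosts(NEW_NET))
    print("broadcast (not assignable):", NEW_NET.broadcast_address)
```

Under the /29 assumption, 213.95.250.15 is the broadcast address of the block, so only 213.95.250.9 through 213.95.250.14 can be assigned to the firewall interface, the global pool, the mail server and the upstream gateway.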