I have worked with Cisco gear for a long time; here are the basic Cisco PIX firewall configuration commands for reference. Once these commands have been entered, the firewall will pass network traffic and the basic access scenarios (outbound PAT, inbound ping, and a published web server) will work.
PIX1(config)#show run (display the running configuration)
PIX1(config)#enable password cisco (privileged-mode password; "cisco" is a placeholder, set your own)
PIX1(config)#passwd cisco (Telnet login password)
PIX1(config)#telnet 0.0.0.0 0.0.0.0 inside (allow Telnet to the firewall from inside hosts; use a narrower network and mask to limit it to management stations)
PIX1(config)#nameif ethernet0 outside security0 (name each interface and set its security level)
PIX1(config)#nameif ethernet1 inside security100
PIX1(config)#nameif ethernet2 dmz security50
PIX1(config)#interface ethernet0 auto (bring the port up, equivalent to no shutdown; repeat for ethernet1 and ethernet2)
PIX1(config)#ip address outside 202.102.34.12 255.255.255.0 (assign the outside address)
PIX1(config)#ip address inside 192.168.1.1 255.255.255.0
PIX1(config)#ip address dmz 172.16.0.1 255.255.255.0
PIX1(config)#route outside 0 0 202.102.34.13 (default static route)
PIX1(config)#nat (inside) 1 192.168.1.0 255.255.255.0 (inside addresses to be translated)
PIX1(config)#global (outside) 1 interface (PAT on the outside interface address)
PIX1(config)#access-list outside_in permit icmp any any (allow ping; outside_in is the ACL name, choose any name)
PIX1(config)#access-group outside_in in interface outside (apply the ACL on the outside interface)
PIX1(config)#static (inside,outside) tcp 202.102.34.12 80 192.168.1.100 80 (port mapping, publish the inside web server)
PIX1(config)#access-list outside_in permit tcp any host 202.102.34.12 eq www (on PIX, an outside ACL matches the mapped address 202.102.34.12, not the real address 192.168.1.100)
PIX1(config)#access-group outside_in in interface outside
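As an added example that is not part of the original post: a small Python audit that reads a saved PIX `show run` text and flags the settings in the walkthrough above that a practitioner would tighten before production (placeholder passwords, Telnet open to a whole interface, any-to-any permits). The sample configuration embedded below is constructed for the demo.

```python
"""Audit a saved PIX 6.x configuration for weak settings.
Example code added to this article; the rules and the sample
configuration are constructed, not taken from the original post."""
import re

# Constructed sample mirroring the commands in the walkthrough above.
SAMPLE_CONFIG = """\
enable password cisco
passwd cisco
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list outside_in permit icmp any any
access-list outside_in permit tcp any host 202.102.34.12 eq www
access-group outside_in in interface outside
"""

# Well-known factory/tutorial values that must never reach production.
DEFAULT_SECRETS = {"cisco", "pix"}
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def audit_pix_config(text):
    """Return a list of (severity, line, reason) tuples for risky lines."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        # Placeholder passwords (enable, Telnet/SSH).
        m = re.match(r"^(enable password|passwd|password)\s+(\S+)", line)
        if m and m.group(2).lower() in DEFAULT_SECRETS:
            findings.append(("high", line, "default/tutorial password"))
        # Telnet management access: IP, mask and optional interface name.
        m = re.match(rf"^telnet\s+({IPV4})\s+({IPV4})(?:\s+(\S+))?$", line)
        if m:
            ip, mask, iface = m.groups()
            iface = iface or "inside"
            if mask == "0.0.0.0":
                findings.append(("medium", line, f"telnet open to any host on {iface}"))
            if iface == "outside":
                findings.append(("high", line, "telnet permitted on outside"))
        # Any-to-any permits on an access list.
        m = re.match(r"^access-list\s+\S+\s+permit\s+(\S+)\s+any\s+any\b", line)
        if m:
            findings.append(("low", line, f"permits {m.group(1)} from any to any"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in audit_pix_config(SAMPLE_CONFIG):
        print(f"[{severity}] {line}  <- {reason}")
```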
This article was reposted from the 51CTO blog of chinaperrylee; original link: http://blog.51cto.com/perry/145781. Contact the original author for reprint permission.