欢迎光临shaying110的博客

RSed-ISPing

日志

关于我

shaying110

RS-ISP

文章分类

LOFTER精选

八招诀窍，教你实力撩妹 >

PIX525简单配置

2009-12-02 16:01:43| 分类： CISCO网络 | 标签： |举报 |字号大中小订阅

下载LOFTER 我的照片书 |

PIX525简单配置

//配置密码

enable password pix525 encrypted

passwd pix525 encrypted

//配置接口信息

int eth0 100auto

int eth1 100auot

nameif eth0 outside sec0

nameif eth1 inside sec100

ip add inside 218.249.x.33 255.255.255.224

ip add outside 218.249.y.33 255.255.255.252

//配置主机域名

host testpix525

domain testpix525.com

//产生rsa值，利用ssh连接

ca gen rsa key

ca save all

//配置路由转换和端口映射

nat(inside)0 218.249.x.32 255.255.255.224 0 0

static (inside,outside) 218.249.x.32 218.249.x.32 mask 255.255.255.224

//配置访问列表

access-list outside-acl per icmp any any

......

access-list outside-acl per tcp any host 218.249.x.34 eq www

access-group outside-acl in int outside

//设置静态路由

route outside 0.0.0.0 0.0.0.0 218.249.X.33 1

//设置ssh连接和Web连接

http server enable

http host host_ip outside/inside

ssh host host_ip outside/inside

ssh timeout 5

************************************************************

vpn配置部分

//设置vpn地址池

ip local pool vpnpool 218.249.x.34 netmask 255.255.255.224

//配置IPSEC，在PIX上设置加密算法，加密的接口

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap client authent local

crypto map mymap interface outside

//配置IKE，指定认证的方式为PRE-SHARE

isakmp enable outside

isakmp key **** address 0.0.0.0 netmask 0.0.0.0 ---vpncert

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup vpncert address-pool vpnpool

vpngroup vpncert idle-time 1800

vpngroup vpncert password vpncert

username name password pwd

//保存　

wr me

ps:

若PIX内口接口IP和外口接口IP在同一网段时，则两接口的掩码不能一样，且外口掩码必须小于内口掩码

如：一公司分得IP为：218.249.X.32/25

对端接口为:218.249.X.33 (掩码不确定，可能为192) 外口为:218.249.X.36 内口为：218.249.X.37 38 39 40 刚分给了服务器

且对端口和外口不能换时，则外口掩码必须为254，内口掩则为192，

若外口掩码为192时，内口为0，在用static (inside,outside) 218.249.x.32 218.249.x.32 mask

255.255.255.192时断网

可能有问题，但在当时的应用中确实是正常的，没有进行后续跟进。

评论这张

转发至微博

阅读(252)| 评论(0)

推荐转载

历史上的今天

this.p={  m:2,
              b:2,
              loftPermalink:'',
              id:'fks_083064085084080068087087087095081094080068093081081067',
              blogTitle:'PIX525简单配置',
              blogAbstract:'<P style=\"TEXT-INDENT: 2em\"\>PIX525简单配置</P\>\r\n<P style=\"TEXT-INDENT: 2em\"\>//配置密码</P\>\r\n<P style=\"TEXT-INDENT: 2em\"\>enable password pix525 encrypted</P\>\r\n<P style=\"TEXT-INDENT: 2em\"\>passwd pix525 encrypted</P\>\r\n<P style=\"TEXT-INDENT: 2em\"\>//配置接口信息</P\>\r\n<P style=\"TEXT-INDENT: 2em\"\>int eth0 100auto</P\>\r\n<P style=\"TEXT-INDENT: 2em\"\>int eth1 100auot</P\>\r\n<P style=\"TEXT-INDENT: 2em\"\>nameif eth0 outside sec0</P\>\r\n<P style=\"TEXT-INDENT: 2em\"\>nameif eth1 inside sec100</P\>\r\n<P style=\"TEXT-INDENT: 2em\"\>ip add inside 218.249.x.33 255.255.255.224 </P\>\r\n<P style=\"TEXT-INDENT: 2em\"\>ip add outside 218.249.y.33 255.255.255.252</P\>',
              blogTag:'',
              blogUrl:'blog/static/5817977020091124143399',
              isPublished:1,
              istop:false,
              type:0,
              modifyTime:0,
              publishTime:1259740903399,
              permalink:'blog/static/5817977020091124143399',
              commentCount:0,
              mainCommentCount:0,
              recommendCount:0,
              bsrk:-100,
              publisherId:0,
              recomBlogHome:false,
              currentRecomBlog:false,
              attachmentsFileIds:[],
              vote:{},
              groupInfo:{},
              friendstatus:'none',
              followstatus:'unFollow',
              pubSucc:'',
              visitorProvince:'',
              visitorCity:'',
              visitorNewUser:false,
              postAddInfo:{},
              mset:'000',
              mcon:'',
              srk:-100,
              remindgoodnightblog:false,
              isBlackVisitor:false,
              isShowYodaoAd:false,
              hostIntro:'RS-ISP',
              hmcon:'0',
              selfRecomBlogCount:'0',
              lofter_single:'<iframe width="140" height="560" style="overflow:hidden;" src="http://www.lofter.com/mailEntry.do?blogad=1&blog" frameBorder="0"></iframe>'
            }

{list a as x}
    {if !!x}
    <div class="iblock nbw-fce nbw-f40">
      <a class="fc03 noul" target="_blank" hidefocus="true" href="http://blog.163.com/${x.visitorName}/">
      {if x.visitorName==visitor.userName}
      <img alt="${x.visitorNickname|escape}" onerror="this.src=location.f40" class="cwd bdwa bdc0" src="${fn1(x.visitorName)}&r=${visitor.imageUpdateTime}"/>
      {else}
      <img alt="${x.visitorNickname|escape}" onerror="this.src=location.f40" class="cwd bdwa bdc0" src="${fn1(x.visitorName)}"/>
      {/if}
      </a>
      <div class="cwd vname thide">
        {if x.moveFrom=='wap'}
          <a class="noul pnt" target="_blank" href="http://blog.163.com/services/wapblog.html?frompersonalbloghome"><span title="来自网易手机博客" class="iblock wapIcon"> </span></a>
        {elseif x.moveFrom=='iphone'}
          <a class="noul pnt" target="_blank"><span title="来自iPhone客户端" class="iblock iphoneIcon"> </span></a>
        {elseif x.moveFrom=='android'}
          <a class="noul pnt" target="_blank"><span title="来自Android客户端" class="iblock androidIcon"> </span></a>
        {elseif x.moveFrom=='mobile'}
          <a class="noul pnt" target="_blank" href="http://blog.163.com/services/emsblog.html?frompersonalbloghome"><span title="来自网易短信写博" class="iblock wapIcon"> </span></a>
        {/if}
        <a class="fc03 m2a"  target="_blank" hidefocus="true" href="http://blog.163.com/${x.visitorName}/">
          ${fn(x.visitorNickname,8)|escape}
        </a>
      </div>
    </div>
    {/if}
    {/list}

<#--最新日志，群博日志--> <#--推荐日志-->

<p class="fc06">推荐过这篇日志的人：</p>
    <div>
      {list a as x}
      {if !!x}
      <div class="iblock nbw-fce nbw-f40">
        <a class="fc03 noul" target="_blank" hidefocus="true" href="http://blog.163.com/${x.recommenderName}/">
        <img alt="${x.recommenderNickname|escape}" onerror="this.src=location.f40" class="cwd bdwa bdc0" src="${fn1(x.recommenderName)}"/>
        </a>
        <div class="cwd thide">
          <a class="fc03 m2a" target="_blank" hidefocus="true" href="http://blog.163.com/${x.recommenderName}/">
            ${fn(x.recommenderNickname,6)|escape}
          </a>
        </div>
      </div>
      {/if}
      {/list}
    </div>
    {if !!b&&b.length>0}
    <p  class="fc06">他们还推荐了：</p>
    <ul>
    {list b as y}
      {if !!y}
        <li class="rrb"><span class="iblock">·</span><a class="fc03 m2a" target="_blank" href="http://blog.163.com/${y.recommendBlogPermalink}/?from=blog/static/5817977020091124143399">${y.recommendBlogTitle|escape}</a></li>
      {/if}
    {/list}
    </ul>
    {/if}

<#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇，下一篇--> <#-- 热度 -->

{list a as x}
    {if !!x}
    <div class="hotItem iblock nbw-fce nbw-f40">
      <a class="fc03 noul" target="_blank" hidefocus="true" href="http://blog.163.com/${x.publisherUsername}/">
      {if x.publisherUsername==visitor.userName}
      <img alt="${x.publisherNickname|escape}" onerror="this.src=location.f40" class="cwd bdwa bdc0" src="${fn1(x.publisherUsername)}&r=${visitor.imageUpdateTime}"/>
      {else}
      <img alt="${x.publisherNickname|escape}" onerror="this.src=location.f40" class="cwd bdwa bdc0" src="${fn1(x.publisherUsername)}"/>
      {/if}
      </a>
      <div class="cwd vname thide">
        <a class="fc03 m2a"  target="_blank" hidefocus="true" href="http://blog.163.com/${x.publisherUsername}/">
          ${fn(x.publisherNickname,8)|escape}
        </a>
      </div>
      <a class="f-myLikeIcons hottype {if x.type==1} js-liketype{elseif x.type==2} js-reblogtype{elseif x.type==3} js-sharetype{else}{/if}" target="_blank" hidefocus="true" href="http://blog.163.com/${x.publisherUsername}/"> </a>
    </div>
    {/if}
    {/list}

<#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->

页脚

我的照片书 - 博客风格 - 手机博客 - 下载LOFTER APP - 订阅此博客

欢迎光临shaying110的博客

导航

日志

PIX525简单配置

历史上的今天

最近读者

热度

评论

页脚