|
一份较全的PIX7.2配置文件
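:Saved
:
! Reconstructed from a whitespace-stripped paste: tokens are separated again so the
! configuration is loadable. Values are unchanged except where a NOTE(review)
! below says otherwise; the Chinese author annotations are kept as English comments.
PIX Version 7.2(1)
!
hostname pix515e
domain-name cisco
! NOTE(review): the enable/login password hashes in this file have been published with the
! config; rotate them on the device and treat the hashes as exposed.
enable password N7FecZuSHJlVZC2P encrypted
!
! Name resolution: map inside host addresses to names so the rest of the config can
! refer to hosts by name.
!
names
name 10.64.64.113 chengxiaojie
name 10.64.64.13 dhcp
name 10.64.64.71 liuyongjun
name 10.64.64.72 liuyongjun-ibm
name 10.64.64.39 lixiaoliang
name 10.64.64.103 lixuesong
name 10.64.64.17 lulianying
name 10.64.64.92 qizuomeng
name 10.64.64.69 wangzhili
name 10.64.64.105 xingzhonghe
name 10.64.64.45 tanjun
name 10.64.64.108 zhangyi
name 10.64.64.178 hujian
name 10.64.64.93 ibm220
name 10.64.64.62 jiling
name 10.64.64.111 yangliu
name 10.64.64.112 wangsishen
name 10.64.64.158 wangyuguo
name 10.64.64.52 lishihai
name 10.64.64.78 office-teacher
name 10.64.64.48 yangjin
name 10.64.64.104 wutao
name 10.64.64.63 zangdong
name 10.64.64.80 xiaoguangyue
name 10.64.64.14 ibm235
name 10.64.64.222 lixuesong-dell
name 10.64.64.75 maxiaopeng
name 10.64.64.215 lintao
name 10.64.64.199 machi
name 10.64.64.216 liuxuesong
name 10.64.64.246 jiachangjing
name 10.64.64.61 chufw
!
! Interfaces: outside (Internet, level 0), inside (LAN, level 100), dmz (level 80).
! X.X.76.26 is the author's redaction of the public address.
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address X.X.76.26 255.255.255.0
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 10.64.64.2 255.255.240.0
!
interface Ethernet2
 nameif dmz
 security-level 80
 ip address 192.168.0.1 255.255.255.0
!
passwd N7FecZuSHJlVZC2P encrypted
!
! Time range used by the "worktime" ACEs below: weekdays-and-weekends 08:00-17:00.
time-range worktime
 periodic daily 8:00 to 17:00
!
ftp mode passive
clock timezone CST 8
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 219.150.32.132
 domain-name cisco
!
! Object-groups, referenced from the ACLs below (object-groups greatly simplify
! ACL configuration).
!
object-group network www
 network-object host xingzhonghe
 network-object host chengxiaojie
 network-object host dhcp
 network-object host liuxuesong
 network-object host wangzhili
 network-object host liuyongjun
 network-object host liuyongjun-ibm
 network-object host lulianying
 network-object host chufw
 network-object host jiachangjing
 network-object host maxiaopeng
 network-object host 10.64.64.255
object-group network guest
 network-object 10.64.66.112 255.255.255.240
object-group network caiwu
 network-object 10.64.66.0 255.255.255.224
object-group service netmeeting tcp
 port-object range 1503 1503
 port-object range h323 h323
object-group network worktime
 network-object host wutao
 network-object host zhangyi
 network-object host yangliu
 network-object host wangsishen
 network-object host wangyuguo
 network-object host 10.64.64.169
 network-object host 10.64.64.18
 network-object host machi
 network-object host lintao
 network-object host liuxuesong
 network-object host lixuesong-dell
 network-object host 10.64.64.247
 network-object host 10.64.64.29
 network-object host 10.64.64.30
 network-object host yangjin
 network-object host lishihai
 network-object host 10.64.64.55
 network-object host jiling
 network-object host office-teacher
!
! Inbound from the Internet: only ICMP echo-replies and the NetMeeting ports
! (which are statically mapped to chufw further down).
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit tcp any any object-group netmeeting
!
! Inside ACL; the object-groups above are referenced here. ACLs are first-match.
!
! NOTE(review): the caiwu -> DMZ permit was originally listed AFTER the
! "deny ip any 192.168.0.0/24" entry and could therefore never match. It is moved
! ahead of the deny so the finance hosts reach the DMZ as the entry intends.
access-list inside_access_in extended permit ip object-group caiwu 192.168.0.0 255.255.255.0
access-list inside_access_in extended deny ip any 192.168.0.0 255.255.255.0
access-list inside_access_in extended permit ip object-group www any
access-list inside_access_in extended permit ip object-group guest any inactive
! Members of "www" match the permit above before this deny and are not affected by it.
access-list inside_access_in extended deny tcp any any eq 1863
access-list inside_access_in extended permit ip host lixiaoliang host 211.147.77.98
access-list inside_access_in extended permit ip host qizuomeng host 211.147.77.98
access-list inside_access_in extended permit ip object-group worktime any time-range worktime
access-list inside_access_in extended permit ip host ibm235 any time-range worktime inactive
!
! VPN-related ACLs: split-tunnel lists and NAT exemption for the 1.1.1.0/24 client pool.
! NOTE(review): outside_cryptomap and outside_cryptomap_1 are not referenced by any
! crypto map in this file (only the dynamic map is used); they appear to be leftovers.
access-list remote_splitTunnelAcl standard permit 10.64.64.0 255.255.240.0
access-list inside_nat0_outbound extended permit ip 10.64.64.0 255.255.240.0 1.1.1.0 255.255.255.0
access-list outside_cryptomap extended permit ip any 1.1.1.0 255.255.255.0
access-list caiwu_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
access-list outside_cryptomap_1 extended permit ip any 1.1.1.0 255.255.255.0
access-list dmz_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 1.1.1.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu dmz 1500
! NOTE(review): 1.1.1.0/24 and 2.2.2.0/24 are globally routed ranges, not private space;
! a private range avoids clashes with real Internet hosts. The "caiwu" pool is not used by
! any tunnel-group in this file (both tunnel-groups use pool "remote").
ip local pool remote 1.1.1.1-1.1.1.254 mask 255.255.255.0
ip local pool caiwu 2.2.2.1-2.2.2.254 mask 255.255.255.0
no failover
asdm image flash:/asdm.bin
no asdm history enable
!
! Static ARP entries: bind each inside IP address to its MAC address.
!
arp inside 10.64.64.29 000f.b0d8.a504
arp inside 10.64.64.247 000b.2f04.7dd8
arp inside 10.64.64.169 0016.17f2.2eb3
arp inside lintao 000a.e6b2.c4c6
arp inside liuxuesong 00e0.4c58.b7cd
arp inside lishihai 000a.e69b.f4dc
arp inside ibm235 0009.6ba5.49c5
arp inside maxiaopeng 000c.764d.6aa8
arp inside xiaoguangyue 0011.09b4.6f25
arp inside zangdong 00e0.4cc1.2a14
arp inside wutao 0013.d47d.0c36
arp inside office-teacher 0090.9626.7da7
arp inside yangjin 00e0.4d01.6b1b
arp inside wangyuguo 00e0.4c21.471d
arp inside wangsishen 0015.c50f.92a5
arp inside yangliu 0015.f299.7f6c
arp inside jiling 00e0.4cc1.2a34
arp inside hujian 0011.252f.8613
arp inside ibm220 0002.556d.0037
arp inside jiachangjing 00e0.4d01.6b30
arp inside tanjun 0013.7222.5fe5
arp inside wangzhili 000d.6004.c197
arp inside lixiaoliang 0014.782f.b989
arp inside liuyongjun-ibm 0010.c6de.2686
arp inside lulianying 0016.3563.db1b
arp inside liuyongjun 0000.e25a.8580
arp inside lixuesong 0017.3152.8e78
arp inside chengxiaojie 0016.3564.8a6b
arp inside xingzhonghe 00e0.4c60.a8da
arp inside dhcp 0014.5e2b.77b5
arp inside zhangyi 0013.7222.4819
arp inside lixuesong-dell 0018.8ba2.d1c5
arp inside machi 000a.e6b5.0600
arp inside 10.64.64.18 0015.c510.12d4
!
arp timeout 14400
! NAT: inside and dmz traffic to the VPN pool is exempted (nat 0); everything else
! from inside is PATed to the outside interface address.
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.64.64.0 255.255.240.0
nat (dmz) 0 access-list dmz_nat0_outbound
! Port forwards for NetMeeting (1503/h323) to chufw; matched by outside_access_in above.
static (inside,outside) tcp interface 1503 chufw 1503 netmask 255.255.255.255
static (inside,outside) tcp interface h323 chufw h323 netmask 255.255.255.255
access-group outside_access_in in interface outside
!
! Apply the inside ACL to the inside interface.
!
access-group inside_access_in in interface inside
!
route outside 0.0.0.0 0.0.0.0 X.X.76.25 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
! Remote-access VPN group policies: both are split-tunnel (only the listed networks
! go through the tunnel).
group-policy caiwu internal
group-policy caiwu attributes
 dns-server value 219.150.32.132
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value caiwu_splitTunnelAcl
group-policy remote internal
group-policy remote attributes
 dns-server value 219.150.32.132
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remote_splitTunnelAcl
! Single local admin/VPN user with full privilege and a fixed VPN address.
username chufw password hs6C0g7Y0Zza/dVN encrypted privilege 15
username chufw attributes
 vpn-group-policy remote
 vpn-framed-ip-address 1.1.1.111 255.255.255.0
! ASDM/HTTPS management: chufw from inside, two fixed hosts and chufw's VPN address from outside.
http server enable
http chufw 255.255.255.255 inside
http 219.148.242.228 255.255.255.255 outside
http 219.148.242.227 255.255.255.255 outside
http 1.1.1.111 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
! IPsec: 3DES/SHA-1 with DH group 2, pre-shared keys, NAT-T keepalive every 20 s.
! NOTE(review): 3DES, SHA-1 and group 2 are legacy choices kept here as in the source;
! newer code on the client side may refuse to negotiate them.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
! Tunnel groups; "*" is how the device masks the pre-shared key in show output.
tunnel-group remote type ipsec-ra
tunnel-group remote general-attributes
 address-pool remote
 default-group-policy remote
tunnel-group remote ipsec-attributes
 pre-shared-key *
tunnel-group caiwu type ipsec-ra
tunnel-group caiwu general-attributes
 address-pool remote
 default-group-policy caiwu
tunnel-group caiwu ipsec-attributes
 pre-shared-key *
! CLI management access.
! NOTE(review): telnet is cleartext; SSH from chufw would be the safer equivalent.
telnet chufw 255.255.255.255 inside
telnet timeout 5
! NOTE(review): SSH is reachable from ANY Internet address; restrict it to the known
! management sources (for example the two outside hosts permitted for http above).
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
! NOTE(review): console timeout 0 means console sessions never expire.
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
ntp server 207.46.130.100 source outside
! Config backup target: TFTP server chufw on the inside, file name "pix".
tftp-server inside chufw pix
prompt hostname context
! The checksum below belongs to the config as captured; the device recalculates it
! when the configuration is saved.
Cryptochecksum:c02e836587f08fa6ce4699df28408774
:end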
pix515e# |
|