《有关加装防火墙前后路由器配置.doc》由会员分享,可在线阅读,更多相关《有关加装防火墙前后路由器配置.doc(7页珍藏版)》请在金锄头文库上搜索。
1、相关加装防火墙前后的路由器配置在这里我叙述一下对于加装防火墙前后的路由配置变化,由于在原来没有防火墙的状况下,路由既起到路由选择的作用,又起到网关的作用。当加装防火墙的后,局域网的网关就设为防火墙的局域网IP 地点。要改正路由第一仍是先看该网络的拓扑构造。在这里我所描绘的是这样拓扑构造:图 1一、先将进入路由器设置将本来的配置备份一份,固然这一份备份此后不必定用的上,但是万一防火墙安装失败呢?图 2下边为没有安装防火墙从前的路由器配置状况。User Access VerificationPassword:(键入 TELNET密码,假如你是直接用CONSOLE口进入没有此项提示)Routeren
2、Password:Router#show config (观察 ROUTER配置状况命令)Using 810 out of 7506 bytes!version 12.1service timestamps debug uptimeservice timestamps log uptimeno service password-encryption !hostname Router (ROUTER名字,这里为默认名字 ROUTER)!enable secret 5 $1$FreK$4oQGtvDEF1jv8dh3NNXnN0.no ip address1 / 7shutdown!interfa
3、ce Serial0bandwidth 2048此(为定义 ROUTER外面接口的 IP表示此合法的INTERNET-IP)ip classlessno ip http servertransport input noneline vty 0 1password 123456login!endRouter#二、依据图 1 装上防火墙。将从路由器到互换机上的线,改为先从路由器到防火墙,而后用防火墙的 E0 口接互换机。图 3进入路由器配置模式改正,将路由器的配置改为:Using 942 out of 7506 bytes!version 12.1service timestamps debug
4、uptimeservice timestamps log uptimeservice password-encryption!hostname router!enable secret 5 $1$FreK$4oQGtvDEF1jv8dh3NNXnN02 / 7set transform-set testmatch address 100no ip addressip nat insideno ip route-cacheno ip mroute-cacheshutdown!interface Serial0bandwidth 2048ip nat outsideencapsulation pp
5、pno ip route-cacheno ip mroute-cache!ip classlessip http server!route-map nonat permit 10match ip address 110!line con 0transport input none3 / 7line vty 0 4password 123456login!end三、这时候,你能够配置你的防火墙了,以下是防火墙的配置状况:PIX Version 5.1(2)hostname imrac_pixfixup protocol ftp 21fixup protocol http 80fixup prot
6、ocol h323 1720fixup protocol rsh 514fixup protocol smtp 25no nameslogging onno logging timestampno logging standbyno logging console4 / 7no logging monitorno logging bufferedno logging traplogging facility 20logging que 512mtu outside 1500mtu inside 1500mtu pix/intf2 1500failover timeout 0:00:00arp
7、timeout 14400nat (inside) 0 access-list 1005 / 7timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00timeout rpc 0:10:00 h323 0:05:00aaa-server RADIUS protocol radiusno snmp-server locationno snmp-server contactno snmp-server enable trapsfloodguard enablesysopt connection permit-ipseccr
8、ypto ipsec transform-set trans esp-des esp-md5-hmaccrypto map vpnmap 40 ipsec-isakmp crypto map vpnmap 40 match address 100 crypto map vpnmap 40 set transform-set trans crypto map vpnmap interface outsideisakmp enable outsideisakmp identity addressisakmp policy 1 authentication pre-shareisakmp policy 1 encryption desisakmp policy 1 hash md5isakmp policy 1 group 1isakmp policy 1 lifetime 864006 / 7terminal width 80Cryptochecksum:7fdb7e32bf49a65a77 / 7
