收藏
下载资源

思科防火墙登陆及设置过程.doc

上传人:壹****1 文档编号:560161148 上传时间:2023-01-04 格式:DOC 页数:13 大小:332.51KB
返回 下载 相关 举报
思科防火墙登陆及设置过程.doc_第1页
第1页 / 共13页
思科防火墙登陆及设置过程.doc_第2页
第2页 / 共13页
思科防火墙登陆及设置过程.doc_第3页
第3页 / 共13页
思科防火墙登陆及设置过程.doc_第4页
第4页 / 共13页
思科防火墙登陆及设置过程.doc_第5页
第5页 / 共13页
点击查看更多>>
资源描述

《思科防火墙登陆及设置过程.doc》由会员分享,可在线阅读,更多相关《思科防火墙登陆及设置过程.doc(13页珍藏版)》请在金锄头文库上搜索。

1、一、防火墙登陆过程telnet 192.168.0.1 输入:123用户名:en密码:srmciscoConf tShow run二、公网IP与内网IP映射:static (inside,outside) 61.142.114.180 192.168.0.7 netmask 255.255.255.255 0 0三、再打开端口:输入以下一笔命今如access-list acl-out permit tcp any host 61.142.114.183 eq 5800 (打开外部5800端口)access-list acl-out permit tcp any host 61.142.114.

2、183 eq 5900 (打开外部5900端口)access-list acl-out permit tcp any host 61.142.114.183 eq 1433 (打开外部1433端口)access-list acl-in permit tcp any host 61.142.114.183 eq 1433 (打开内部1433端口)access-list acl-in permit tcp any host 61.142.114.183 eq 5900 (打开内部5900端口)access-list acl-in permit tcp any host 61.142.114.183

3、 eq 5800 (打开内部5800端口)四、登出防火墙:logout五、增加上网电脑1、nat (inside) 1 192.168.0.188 255.255.255.255 0 0(上网电脑IP地址)2、arp inside 192.168.0.188 000f.eafa.645d alias(绑定上网电脑网卡MAC地址)六、取消上网电脑1、no nat (inside) 1 192.168.0.188 255.255.255.255 0 0(上网电脑IP地址)2、no arp inside 192.168.0.188 000f.eafa.645d alias(绑定上网电脑网卡MAC地址

4、)七、增加可以远程控制防火墙电脑telnet 192.168.0.188 255.255.255.255 inside八、保存已做改动设置wr me九、以下为现存防火墙配置。以下每行即为一行命今,如果不见可以从以下黑体字中COPY,进入后粘添,然后保存即可。User Access VerificationPassword:Type help or ? for a list of available commands.pix515 conf tType help or ? for a list of available commands.pix515 enPassword:Invalid pas

5、swordPassword: *pix515# conf tpix515(config)# show run: Saved:PIX Version 6.3(1)interface ethernet0 autointerface ethernet1 autonameif ethernet0 outside security0nameif ethernet1 inside security100enable password gzE5ZoPZ4Fffph7. encryptedpasswd PLBb27eKLE1o9FTB encryptedhostname pix515domain-name f

6、ixup protocol ftp 21fixup protocol h323 h225 1720fixup protocol h323 ras 1718-1719fixup protocol http 80fixup protocol ils 389fixup protocol rsh 514fixup protocol rtsp 554fixup protocol sip 5060fixup protocol sip udp 5060fixup protocol skinny 2000no fixup protocol smtp 25fixup protocol sqlnet 1521na

7、mesaccess-list acl-out permit ip any anyaccess-list acl-out permit tcp any host 61.142.114.180 eq pop3access-list acl-out permit tcp any host 61.142.114.180 eq smtpaccess-list acl-out permit tcp any host 61.142.114.181 eq ftpaccess-list acl-out deny tcp any any eq 135access-list acl-out deny udp any

8、 any eq 135access-list acl-out deny udp any any eq 139access-list acl-out deny tcp any any eq netbios-ssnaccess-list acl-out deny tcp any any eq 445access-list acl-out deny udp any any eq 445access-list acl-out deny udp any any eq 593access-list acl-out deny tcp any any eq 593access-list acl-out den

9、y tcp any any eq 5554access-list acl-out deny udp any any eq 5554access-list acl-out deny udp any any eq 5445access-list acl-out deny tcp any any eq 5445access-list acl-out deny tcp any any eq 9996access-list acl-out deny icmp any anyaccess-list acl-out permit tcp any host 61.142.114.180 eq wwwacces

10、s-list acl-out permit tcp any host 61.142.114.179 eq wwwaccess-list acl-out permit tcp any host 61.142.114.182 eq wwwaccess-list acl-out permit tcp any host 61.142.114.181 eq wwwaccess-list acl-out permit tcp any host 61.142.114.182 eq 5800access-list acl-out permit tcp any host 61.142.114.182 eq 59

11、00access-list acl-out permit tcp any host 61.142.114.182 eq 1433access-list acl-in deny icmp any anyaccess-list acl-in permit tcp any host 61.142.114.180 eq pop3access-list acl-in permit tcp any host 61.142.114.180 eq smtpaccess-list acl-in permit tcp any host 61.142.114.180 eq wwwaccess-list acl-in

12、 permit tcp any host 61.142.114.179 eq wwwaccess-list acl-in permit tcp any host 61.142.114.182 eq wwwaccess-list acl-in permit tcp any host 61.142.114.181 eq wwwaccess-list acl-in permit tcp any host 61.142.114.181 eq ftpaccess-list acl-in permit tcp any host 61.142.114.182 eq 1433access-list acl-i

13、n permit tcp any host 61.142.114.182 eq 5900access-list acl-in permit tcp any host 61.142.114.182 eq 5800pager lines 24mtu outside 1500mtu inside 1500ip address outside 61.142.114.178 255.255.255.248ip address inside 192.168.0.1 255.255.255.0ip audit info action alarmip audit attack action alarmpdm

14、history enablearp inside 192.168.1.253 0040.d080.57ad aliasarp inside 192.168.9.242 0006.1bd8.bb7b aliasarp inside 192.168.0.242 0006.1bd8.bb7b aliasarp inside 192.168.1.141 0006.1bc1.0ac8 aliasarp inside 192.168.9.6 000f.3d80.e85a aliasarp inside 192.168.1.225 0040.d080.57ad aliasarp inside 192.168

15、.9.145 000f.ea0d.6d3b aliasarp inside 192.168.7.168 0014.8522.6f31 aliasarp inside 192.168.8.153 0011.430e.031c aliasarp inside 192.168.9.126 0002.2ef2.7340 aliasarp inside 192.168.0.14 0003.9988.5d32 aliasarp inside 192.168.0.16 000f.eaf8.46aa aliasarp inside 192.168.3.11 0050.ba11.7dc4 aliasarp inside 192.168.2.18 000f.ea25.1b36 aliasarp inside 192.168.5.32 000f.ea0d.780e aliasarp inside 192.168.2.6 0011.1124.098d aliasarp inside 192.168.1.34 0040.0546.90f0 aliasarp inside 192.168.5.

展开阅读全文
相关资源
正为您匹配相似的精品文档
相关搜索

最新文档


当前位置:首页 > 生活休闲 > 社会民生

电脑版 |金锄头文库版权所有
经营许可证:蜀ICP备13022795号 | 川公网安备 51140202000112号