  • PIX three-interface configuration

    Topology

    [Image: topology diagram, not preserved]

    R1

    R1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R1(config)#int f0/0
    R1(config-if)#ip address 13.0.1.2 255.255.255.0
    R1(config-if)#no sh
    R1(config-if)#
    *Mar  1 00:01:44.059: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
    *Mar  1 00:01:45.059: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    R1(config-if)#int f1/0
    R1(config-if)#ip address 192.168.1.1 255.255.255.0
    R1(config-if)#no sh
    R1(config-if)#
    *Mar  1 00:02:43.835: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
    *Mar  1 00:02:44.835: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
    R1(config-if)#end
    R1#
    *Mar  1 00:02:52.999: %SYS-5-CONFIG_I: Configured from console by console
    
    // Test
    R1#telnet 15.0.1.2
    Trying 15.0.1.2 ...
    % Destination unreachable; gateway or host down
    //
    
    R1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R1(config)#ip route 15.0.1.0 255.255.255.0 13.0.1.1
    R1(config)#ip route 14.0.1.0 255.255.255.0 13.0.1.1
    R1(config)#ip route 16.0.1.0 255.255.255.0 13.0.1.1
    R1(config)#end
    R1#telnet 15.0.1.2
    *Mar  1 00:08:50.839: %SYS-5-CONFIG_I: Configured from console by console
    R1#telnet 15.0.1.2
    Trying 15.0.1.2 ...
    % Connection timed out; remote host not responding
    
    R1#telnet 15.0.1.2
    Trying 15.0.1.2 ... Open
    
    User Access Verification
    
    Password:
    R3>exit
    
    [Connection to 15.0.1.2 closed by foreign host]
    
    

    R2

    R2#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R2(config)#int f0/0
    R2(config-if)#ip address 14.0.1.2 255.255.255.0
    R2(config-if)#no sh
    R2(config-if)#
    *Mar  1 00:03:22.447: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
    *Mar  1 00:03:23.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    R2(config-if)#int f1/0
    R2(config-if)#ip address 192.168.2.1 255.255.255.0
    R2(config-if)#no sh
    R2(config-if)#
    *Mar  1 00:03:48.779: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
    *Mar  1 00:03:49.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
    R2(config-if)#end
    R2#
    *Mar  1 00:03:56.151: %SYS-5-CONFIG_I: Configured from console by console
    R2#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    
    // Here the two PCs on the 192.168.2.0 network are statically NATed into the 14.0.1.0 network
    R2(config)#int f0/0
    R2(config-if)#ip nat outside
    R2(config-if)#int
    *Mar  1 01:24:40.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
    R2(config-if)#int f1/0
    R2(config-if)#ip nat inside
    R2(config-if)#exit
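    // "inside source" is used because the real hosts sit behind f1/0, the "ip nat inside" interface
    R2(config)#ip nat inside source static 192.168.2.2 14.0.1.3
    R2(config)#ip nat inside source static 192.168.2.3 14.0.1.4
    // Routing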
    R2(config)#ip route 13.0.1.0 255.255.255.0 14.0.1.1
    R2(config)#end
    
    

    R3

    R3#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R3(config)#int f0/0
    R3(config-if)#ip address 15.0.1.2 255.255.255.0
    R3(config-if)#no sh
    R3(config-if)#int f1/0
    *Mar  1 00:04:19.427: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
    *Mar  1 00:04:20.427: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    R3(config-if)#int f1/0
    R3(config-if)#ip address 16.0.1.1 255.255.255.0
    R3(config-if)#no sh
    R3(config-if)#
    *Mar  1 00:04:37.531: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
    *Mar  1 00:04:38.531: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
    R3(config-if)#exit
    R3(config)#line vty 0 4
    R3(config-line)#password zwish
    R3(config-line)#end
    R3#
    *Mar  1 00:05:00.915: %SYS-5-CONFIG_I: Configured from console by console
    // After the test from R1, configure the following
    R3#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R3(config)#ip route 13.0.1.0 255.255.255.0 15.0.1.1
    R3(config)#ip route 192.168.1.0 255.255.255.0 15.0.1.1
    

    PIX

    pixfirewall# conf t
    pixfirewall(config)# int e0
    pixfirewall(config-if)# ip address 13.0.1.1 255.255.255.0
    pixfirewall(config-if)# no sh
    pixfirewall(config-if)# nameif inside
    INFO: Security level for "inside" set to 100 by default.
    pixfirewall(config-if)# security-level 100
    pixfirewall(config-if)# int e1
    pixfirewall(config-if)# ip address 14.0.1.1 255.255.255.0
    pixfirewall(config-if)# no sh
    pixfirewall(config-if)# nameif dmz
    INFO: Security level for "dmz" set to 0 by default.
    pixfirewall(config-if)# security-level 50
    pixfirewall(config-if)# int e2
    pixfirewall(config-if)# ip address 15.0.1.1 255.255.255.0
    pixfirewall(config-if)# no sh
    pixfirewall(config-if)# nameif outside
    INFO: Security level for "outside" set to 0 by default.
    pixfirewall(config-if)# end
    pixfirewall# show int ip b
    Interface                  IP-Address      OK? Method Status                Protocol
    Ethernet0                  13.0.1.1        YES manual up                    up
    Ethernet1                  14.0.1.1        YES manual up                    up
    Ethernet2                  15.0.1.1        YES manual up                    up
    Ethernet3                  unassigned      YES unset  administratively down down
    Ethernet4                  unassigned      YES unset  administratively down down
    pixfirewall#
    
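    // Next, configure ping. I searched for a long time and still only found that the any any form actually makes ping work; extended access lists that specify a host or network segment turned out not to take effect once configured.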
    
    pixfirewall(config)# nat (inside) 1 13.0.1.0 255.255.255.0
    pixfirewall(config)# global (outside) 1 15.0.1.3-15.0.1.6 netmask 255.255.255.0
    pixfirewall(config)# show nat
    
    NAT policies on Interface inside:
      match ip inside 13.0.1.0 255.255.255.0 inside any
        dynamic translation to pool 1 (No matching global)
        translate_hits = 0, untranslate_hits = 0
      match ip inside 13.0.1.0 255.255.255.0 dmz any
        dynamic translation to pool 1 (No matching global)
        translate_hits = 5, untranslate_hits = 0
      match ip inside 13.0.1.0 255.255.255.0 outside any
        dynamic translation to pool 1 (15.0.1.3 - 15.0.1.6)
        translate_hits = 25, untranslate_hits = 30
    pixfirewall(config)# access-list test1 permit icmp any any
    pixfirewall(config)# access-group test1 in int outside
    
    // Publish the telnet service of server 14.0.1.2 in the DMZ to public IP 15.0.1.7
    pixfirewall(config)# static (dmz,outside) 15.0.1.7 14.0.1.2
    pixfirewall(config)# access-list test1 extended permit tcp any host 15.0.1.7 eq telnet
    // Publish the www service of 14.0.1.3 in the DMZ to public IP 15.0.1.8
    pixfirewall(config)# static (dmz,outside) 15.0.1.8 14.0.1.3
    pixfirewall(config)# access-list test1 extended permit tcp any host 15.0.1.8 eq www
    // Port mapping (a port redirect needs the protocol keyword before the mapped address)
    pixfirewall(config)# static (dmz,outside) tcp 15.0.1.9 110 14.0.1.4 110
    
    
    // Routing: needed when hosts in 192.168.1.0 and 16.0.1.0 ping
    pixfirewall(config)# route inside 192.168.1.0 255.255.255.0 13.0.1.2
    pixfirewall(config)# route outside 16.0.1.0 255.255.255.0 15.0.1.2
    
    

    Test screenshots:

    [Screenshot: R3 telnet to 14.0.1.2 in the DMZ]

    [Screenshot: ping]
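An added example, not part of the original post: a simplified Python model of how the PIX configured above treats a new connection (security levels, then access-list test1 matched on the mapped address, then the static un-translation). The function names and the model are assumptions for illustration; it ignores stateful return traffic and outbound NAT. It shows that the port mapping to 15.0.1.9:110 has no matching permit in test1, so that service is published but not reachable from outside.

```python
# Added example: simplified model of PIX inbound checks for this lab (not Cisco code).
from ipaddress import ip_address, ip_network

LEVEL = {"inside": 100, "dmz": 50, "outside": 0}   # security levels from the page

# access-list test1, bound with "access-group test1 in int outside".
# Entry: (protocol, destination network, destination port or None for any)
ACL = {"outside": [("icmp", "0.0.0.0/0", None),
                   ("tcp", "15.0.1.7/32", 23),
                   ("tcp", "15.0.1.8/32", 80)]}

# static (dmz,outside) entries: (mapped ip, mapped port) -> (real ip, real port).
# A port of None means the whole address is mapped.
STATIC = {("15.0.1.7", None): ("14.0.1.2", None),
          ("15.0.1.8", None): ("14.0.1.3", None),
          ("15.0.1.9", 110): ("14.0.1.4", 110)}

def acl_permits(ifname, proto, dst, port):
    """First-match lookup over permit entries; no match means implicit deny."""
    for a_proto, a_net, a_port in ACL[ifname]:
        if (a_proto == proto and ip_address(dst) in ip_network(a_net)
                and a_port in (None, port)):
            return True
    return False

def untranslate(dst, port):
    """Map a public destination back to the real DMZ host, if a static exists."""
    real = STATIC.get((dst, port)) or STATIC.get((dst, None))
    return (real[0], real[1] or port) if real else None

def check(src_if, dst_if, proto, dst, port=None):
    """Return (verdict, reason) for a new connection entering src_if."""
    if src_if in ACL:                        # an interface ACL replaces the default
        if not acl_permits(src_if, proto, dst, port):
            return ("deny", "implicit deny at end of ACL on " + src_if)
    elif LEVEL[src_if] < LEVEL[dst_if]:      # lower -> higher with no ACL bound
        return ("deny", "lower to higher security level, no ACL")
    real = untranslate(dst, port)
    return ("permit", "to %s:%s" % real if real else "no static, routed as-is")

if __name__ == "__main__":
    for flow in [("outside", "dmz", "tcp", "15.0.1.7", 23),
                 ("outside", "dmz", "tcp", "15.0.1.8", 80),
                 ("outside", "dmz", "tcp", "15.0.1.9", 110),
                 ("dmz", "inside", "tcp", "13.0.1.2", 23)]:
        print(flow, "->", check(*flow))
```

Running the same check after every ACL or static change gives a quick list of published services that lack a permit, and of permits that point at addresses with no static behind them.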

  • Original article: https://www.cnblogs.com/zw1sh/p/12658763.html