我的PIX配置

最新推荐文章于 2024-09-14 19:55:29 发布

changmen9693

最新推荐文章于 2024-09-14 19:55:29 发布

阅读量138

点赞数

文章标签：数据库网络运维

原文链接：http://blog.51cto.com/5318016/903479

版权

pixfirewall> en
Password:
pixfirewall# show run
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 203.95.102.10 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 203.95.1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:87eef335e5cc042f60486a8f950c8468
: end
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
:
PIX Version 6.3(3)
pixfirewall# show inte ethernet0 auto
interface ethernet0 "outside" is up, line protocol is down
nameif ethernet0 outside security0
Hardware is i82559 ethernet, address is 000f.908f.2e5f
enable password 8Ry2Y
IP address 203.95.102.10, subnet mask 255.255.255.248
passwd 2KFQnbNIdI.2KYOU encrypted
MTU 1500 bytes, BW 10000 Kbit half duplex
fixup protocol dns maximum
        0 packets input, 0 bytes, 0 no buffer
fixup protocol ftp 21
        Received 0 broadcasts, 0 runts, 0 giants
fixup protocol h323 ras 1718-1719
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
fixup protocol rsh 514
fixup protocol rtsp
aaa-server TACACS+ protocol tacacs+
        38 packets output, 2706 bytes, 0 underrunsl radius
aaa-serv
        0 output errors, 0 collisions, 0 interface resetssnmp-server location
no snmp-serve
        0 babbles, 0 late collisions, 0 deferrednity public
no snmp-
        1 lost carrier, 0 no carrier
floodguard enable
        input queue (curr/max blocks): hardware (128/128) software (0/1)ole timeout 0
terminal width 80
Crypto
pi
pixfirewall#
pi
pixfirewall# show ve
pixfirewall#

Cisco PIX Firewall Version 6.3(3)firewall#
pixfirewall
Cisco PIX Device Manager Version 3.0(1)ixfirewall#
pixfirewall#

1: ethernet1: address is 000f.908f.2e60, irq 11
Licensed Features:
Failover:                    Disabled
×××-DES:                     Enabled
×××-3DES-AES:                Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces:          2
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited

This PIX has a Restricted (R) license.

Serial Number: 808242422 (0x302cccf6)
Running Activation Key: 0x8e6e5eea 0xd75f7a69 0x07255152 0x0faadaa8
Configuration last modified by enable_15 at 21:41:09.735 UTC Sat Feb 4 2012
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#
pixfirewall#

r1# show ? Confi

At the end of show <command>, use the pipe character '|' followed by:       Configure group settings for Cisco ××× Clients and
fixup prot
begin|include|exclude|grep [-v] <regular_exp>, to filter show output. Cisco Easy ××× Remote products
mtu inside 1500

aaa             Enable, disable, or view TACACS+, RADIUS or LOCAL
ip address inside 192.168.1.
xlate
                user authentication, authorization and accountingionion alarm
ip audit attack action ala
aaa-server      Define AAA Server group#y e
r1#e
r1#
r1#
r1#rp

meout
access-group    Bind an access-list to an interface to filter inbound traffic
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
condu
access-list     Add an access list
route outside 0.0.0
activation-key Modify activation-key.
timeout
age             This command is deprecat
PIX Version 6.3(3)
interface ethernet0 auto
checksum        View configuration information cryptochecksumeif ethernet0 outside security0
chunkstat       Display chunk statsy100
clock           Show and set the date and time of PIX
passwd 2KFQnbNIdI
conduit         Add conduit access to higher security level network or ICMP
fixup protocol dns maximum-length 512
configure       Configure from terminal, floppy, memory, network, orcol h323 h225 1720
fixup protocol h323
timeout xlate 3:00:00
timeou
curpriv         Display current privilege levelpc 0:10:00 h225 1:00:00
debug           Debug packets or ICMP tracings through the PIX Firewall.0 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
dhcpd           Configure DHCP Servermeout uauth 0:05:00 absolute
dhcprelay       Configure DHCP Relay Agentotocol tacacs+
domain-name     Change domain nameradius
dynamic-map     Specify a dynamic crypto map template
no snmp-server location
eeprom          show or reprogram the 525 onboard i82559 devices community public
no snmp-server ena
enable          Configure enable passwordsuard enable
telnet timeou
established     Allow inbound connections based nsole timeout 0

ering conf
fixup           Add or delete PIX service and feature defaults
Type help or '?' for a list of avail
flashfs         Show, destroy, or preserve filesystem informationixfirewall(config)# login authenticate FOR_VTY
fragment        Configure the IP fragment database list of available commands.
global          Specify, delete or view global address pools,
pixfirewall(config)#
pixfirewall(
                or designate a PAT(Port Address Translated) address
pixfirewall(config)# int s1
h225            Show the current h225 data stored r "s1"
interface       Set network interface paremeters and configure VLANstdown]]

igmp            Clear or display IGMP groupsgical|physical] [shutdown]
ip              Set the ip address and mask for an interface      interface <hardware_id> change-vlan <old_vlan_id> <new
                Define a local address pool

ipsec           Configure IPSEC policy ethernet0 "outside" is up, line proto
isakmp          Configure ISAKMP policy
Hardware is
local-host      Display or clear the local host network information
IP address 203.95.102.10, subnet
logging         Enable logging facility
M
mac-list        Add a list of mac addresses using first match search
        0 packets input, 0 bytes, 0 no buffer
map             Configure IPsec crypto map     Received 0 broadcasts, 0 runts, 0 gia
memory          System memory utilization
        0 input errors, 0 CRC,
mgcp            Configure the Media Gateway Control Protocol fixu

nameif          Assign a name to an interface
int
names           Enable, disable or display IP address to name conversion
Hardware is i82559 ethernet, addres
nat             Associate a network with a pool of global IP addresses
IP address 192.168.1.1, subnet mask 255.255.255.0
ntp             Configure Network T

pdm             Configure PIX Device Manager
        0 babbles, 0 late col
prefix-list     Configure a prefix-list
        1 l
privilege       Configure/Display privilege levels for commands      input queue (curr/max blocks): hardware (128/128) softwar
processes       Display processes
rip             Broadcast default route or blocks
router          Create/configure OSPF routing process
pixfirewall(config)
routing         Configure interface specific unicast routing parameters.
pixfirewall(config)# rface ethernet0
running-config Display the current running configurationst of available commands.
service         Enable system services
pixfirewall(confi
shun            Manages the filtering of packets from undesired hostsrewall(config)# interface ethernet0
sip             Show the current data stored for each SIP session. interface <hardware_id> [<hw_speed> [shutdown]]
skinny          Show the current data stored for each Skinny sessware_id> <vlan_id>
startup-config Display the startup configuration

static          Configure one-to-one address translation ruleal] [shutdown]
telnet          Add telnet access to PIX console and set idle timeout
terminal        Set terminal line parameters
tftp-server     Specify default TFTP server address and directory
timeout         Set the maximum idle times
traffic         Counters for traffic statistics
uauth           Display or clear current user authorization information
url-cache       Enable URL caching
url-block       Enable URL pending block buffer and long URL support
url-server      Specify a URL filter server
username        Configure user authentication local database
version         Display PIX system software version
virtual         Set address for authentication virtual servers
vpdn            Configure VPDN (PPTP, L2TP, PPPoE) Policy
***client       Configure Easy ××× Remote
***group        Configure group settings for Cisco ××× Clients and
                Cisco Easy ××× Remote products
who             Show active administration sessions on PIX
xlate           Display current translation and connection slot information
r1# show
r1#
r1#