Step 10: Configure the internal DHCP server
Dhcpd address 192.168.0.2-192.168.0.100 inside
Dhcpd enable inside
Dhcpd dns 202.106.196.115 202.106.0.20
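When the company has only one public address, the following configuration provides both Internet access for inside hosts and port mapping to internal servers.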
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 10.10.10.1 255.255.255.224
ip address inside 20.20.20.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 10.10.10.1 pop3 20.20.20.20 pop3 netmask 255.255.255.255
static (inside,outside) tcp 10.10.10.1 SMTP 20.20.20.20 SMTP netmask 255.255.255.255
static (inside,outside) tcp 10.10.10.1 www 20.20.20.20 www netmask 255.255.255.255
static (inside,outside) tcp 10.10.10.1 FTP 20.20.20.20 FTP netmask 255.255.255.255
conduit permit tcp host 10.10.10.1 eq www any
conduit permit tcp host 10.10.10.1 eq FTP any
conduit permit tcp host 10.10.10.1 eq POP3 any
conduit permit tcp host 10.10.10.1 eq SMTP any
route outside 0.0.0.0 0.0.0.0 10.10.10.254
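
An added example (not part of the original post): a small Python check that pairs each static port forward in the configuration above with its conduit rule and reports which forwarded services are open to any source. The sample input is constructed from the lines above; the CLEARTEXT set and the finding labels are assumptions of this example.

```python
import re

# Constructed sample: the static/conduit lines of the single-public-address setup.
SAMPLE = """\
static (inside,outside) tcp 10.10.10.1 pop3 20.20.20.20 pop3 netmask 255.255.255.255
static (inside,outside) tcp 10.10.10.1 SMTP 20.20.20.20 SMTP netmask 255.255.255.255
static (inside,outside) tcp 10.10.10.1 www 20.20.20.20 www netmask 255.255.255.255
static (inside,outside) tcp 10.10.10.1 FTP 20.20.20.20 FTP netmask 255.255.255.255
conduit permit tcp host 10.10.10.1 eq www any
conduit permit tcp host 10.10.10.1 eq FTP any
conduit permit tcp host 10.10.10.1 eq POP3 any
conduit permit tcp host 10.10.10.1 eq SMTP any
"""

STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)", re.I)
CONDUIT_RE = re.compile(r"^conduit permit (tcp|udp) host (\S+) eq (\S+) (.+)$", re.I)
CLEARTEXT = {"ftp", "pop3", "telnet"}  # assumption: cleartext-login services

def audit(config):
    """Return (port, host, finding) tuples for static/conduit pairs."""
    statics, conduits, findings = {}, {}, []
    for line in config.splitlines():
        line = line.strip()
        m = STATIC_RE.match(line)
        if m:
            _, _, proto, gip, gport, lip, _ = m.groups()
            statics[(proto.lower(), gip, gport.lower())] = lip
            continue
        m = CONDUIT_RE.match(line)
        if m:
            proto, gip, port, src = m.groups()
            conduits[(proto.lower(), gip, port.lower())] = src.strip().lower()
    for key in sorted(statics):
        src = conduits.get(key)
        if src is None:
            # Forward exists but no conduit permits it (an access-list might).
            findings.append((key[2], statics[key], "static-without-conduit"))
        elif src == "any":
            tag = "cleartext-open-to-any" if key[2] in CLEARTEXT else "open-to-any"
            findings.append((key[2], statics[key], tag))
    for key in sorted(set(conduits) - set(statics)):
        # Permit rule with no translation behind it: a dead or stale rule.
        findings.append((key[2], key[1], "conduit-without-static"))
    return findings

if __name__ == "__main__":
    for port, host, finding in audit(SAMPLE):
        print(f"{port:6} {host:15} {finding}")
```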
Configuring SYSLOG logging on the PIX
Enable the logging function
Step1:
logging on /logging enable
Specify the recipient.
Option 1: send to a syslog server. By default, messages are sent over UDP port 514; TCP can be specified instead, with a default port of 1470.
Logging host outside 221.238.22.100
Specify the severity level of the logs to send (0-7; the default is 3).
Step2:
log trap severity_level (1-7)
The default log level is 3.
Step3:
show logging
Check the log settings.
Option 2: send to the console port.
Logging console 3
Logging mail 3
Logging from-address liliang2840@163.com
Logging recipient-address liliang@bjslth.cn
Smtp-server 202.108.37.36
Test log output
1) Logging console 7    sends log messages to the console port
2) No logging console 7    stops sending to the console port
alias (dmz) 192.168.1.2 202.99.100.2 255.255.255.255
Reposted from: https://blog.51cto.com/bluefox/118517