PIX525 初体验(二)之配置篇

CISCO pix525防火墙设有两种工作模式:一种是传统的路由模式,一种是透明模式。下面分别对两种模式进行配置:
一,路由模式
   ena
conf t
hostname pix525
interface ethernet 0
nameif outside
ip address 121.15.134.210 255.255.255.248
no sh
exit
interface ethernet 1
nameif inside
ip address 192.168.100.1 255.255.255.0
no sh
exit
route outside 0 0 121.15.134.209 1
nat (inside) 1 0 0
global (outside) 1 121.15.134.212
access-list out_acl permit icmp any any
access-group  out_acl in interface outside    //nat的配置

 

static (inside,outside) 121.15.134.212 192.168.100.100
access-list yczm permit tcp any host 121.15.134.212 eq 3389
access-group yczm in interface outside       //静态地址转换的配置

 

telnet 192.168.100.100 255.255.255.255 inside
passwd 123456                          //telnet连接的配置

 

二,透明模式

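configure terminal
! Enable transparent (layer-2) mode first. On PIX/ASA 7.x, changing the
! firewall mode clears the running configuration, so interface and ACL
! settings entered before this command would be lost.
firewall transparent
!
interface Ethernet0
nameif outside
no shutdown
exit
interface Ethernet1
nameif inside
no shutdown
exit
!
! --- Inbound policy on the outside interface ---
! Both rules must use the same ACL name as the access-group below
! ("out-list"). A rule entered under a differently spelled name such as
! "out_list" creates a separate ACL that is never applied.
! "permit icmp any any" admits every ICMP type from any source; narrow it
! to the types actually needed where possible.
access-list out-list extended permit icmp any any
! NOTE(review): host 192.168.0.220 is outside the 192.168.100.0/24
! management subnet configured below; confirm the intended address.
! RDP (tcp/3389) is reachable from any source here; restrict the source
! to known administrative addresses where possible.
access-list out-list extended permit tcp any host 192.168.0.220 eq 3389
access-group out-list in interface outside
!
! Management IP address, used for remote connections to the firewall.
ip address 192.168.100.1 255.255.255.0
! Telnet sends the password in cleartext; prefer SSH for management.
telnet 192.168.100.100 255.255.255.255 inside
! Sample value only: set a long, unique password on a real device.
passwd 123456
! Save the running configuration.
write memory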