Pix525初体验（二）之配置篇

Pix525初体验（二）之配置篇

CISCO pix525防火墙设有两种工作模式：一种是传统的路由模式，一种是透明模式。下面分别对两种模式进行配置:

一，路由模式

   ena

conf t

hostname pix525

interface ethernet 0

nameif outside

ip address 121.15.134.210 255.255.255.248

no sh

exit

interface ethernet 1

nameif inside

ip address 192.168.100.1 255.255.255.0

no sh

exit

route outside 0 0 121.15.134.209 1

nat (inside) 1 0 0

global (outside) 1 121.15.134.212

access-list out_acl permit icmp any any

access-group  out_acl in interface outside    //nat的配置

 

static (inside,outside) 121.15.134.212 192.168.100.100

access-list yczm permit tcp any host 121.15.134.212 eq 3389

access-group yczm in interface outside       //静态地址转换的配置

 

telnet 192.168.100.100 255.255.255.255 inside

passwd 123456                          //telnet连接的配置

 

二，透明模式

configure terminal

interface Ethernet0

nameif outside

no shutdown

exit

interface Ethernet1

nameif inside

no shutdown

exit

 

firewall transparent                             //启用透明模式       

access-list out-list extended permit icmp any any      

access-list out_list extended permit tcp any host 192.168.0.220 eq 3389

access-group out-list in interface outside  

 

ip address 192.168.100.1 255.255.255.0             //配置一个管理ip，用于远程连接

telnet 192.168.100.100 255.255.255.255 inside

passwd 123456

wr