Cisco Firewall Login and Configuration Procedure
I. Firewall login procedure
telnet 192.168.0.1
Enter: 123
Username: en
Password: srmcisco
Conf t
Show run
II. Mapping a public IP address to an internal IP address:
static (inside,outside) 61.142.114.180 192.168.0.7 netmask 255.255.255.255 0 0
III. Then open the ports by entering commands such as the following:
access-list acl-out permit tcp any host 61.142.114.183 eq 5800 (opens external port 5800)
access-list acl-out permit tcp any host 61.142.114.183 eq 5900 (opens external port 5900)
access-list acl-out permit tcp any host 61.142.114.183 eq 1433 (opens external port 1433)
access-list acl-in permit tcp any host 61.142.114.183 eq 1433 (opens internal port 1433)
access-list acl-in permit tcp any host 61.142.114.183 eq 5900 (opens internal port 5900)
access-list acl-in permit tcp any host 61.142.114.183 eq 5800 (opens internal port 5800)
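IV. Log out of the firewall: logout
V. Add a computer with Internet access
1. nat (inside) 1 192.168.0.188 255.255.255.255 0 0 (IP address of the computer)
2. arp inside 192.168.0.188 000f.eafa.645d alias (binds the MAC address of the computer's network card)
VI. Remove a computer's Internet access
1. no nat (inside) 1 192.168.0.188 255.255.255.255 0 0 (IP address of the computer)
2. no arp inside 192.168.0.188 000f.eafa.645d alias (binds the MAC address of the computer's network card)
VII. Add a computer that may manage the firewall remotely: telnet 192.168.0.188 255.255.255.255 inside
VIII. Save the changes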
wr me
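PIX access lists are evaluated top to bottom and the first matching line decides, so the position of each access-list line matters: in the stored configuration listed at the end of this document, acl-out begins with "permit ip any any", which matches before the deny lines that follow it. The Python sketch below is an added example, not part of the original document; it handles only the "access-list NAME permit|deny PROTO SRC DST [eq PORT]" form used on this page and reports lines that an earlier, broader line makes unreachable (function names and the sample are constructed for illustration).

```python
import ipaddress
# Constructed sample: acl-out lines in the order they appear in the stored
# configuration on this page. Helper names are hypothetical, not Cisco tooling.
SAMPLE = """\
access-list acl-out permit ip any any
access-list acl-out permit tcp any host 61.142.114.180 eq pop3
access-list acl-out deny tcp any any eq 135
access-list acl-out deny udp any any eq 445
"""

def take_addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(tok[0] + "/" + tok[1], strict=False), tok[2:]

def parse(line):
    """Parse one line; source-port operators and ranges are not handled."""
    tok = line.split()
    name, action, proto = tok[1], tok[2], tok[3]
    src, rest = take_addr(tok[4:])
    dst, rest = take_addr(rest)
    port = rest[1] if rest[:1] == ["eq"] else None  # None means any port
    return dict(acl=name, action=action, proto=proto, src=src, dst=dst, port=port, text=line)

def covers(a, b):
    """True if every packet matched by b is already matched by a (ports compared as text)."""
    return (a["acl"] == b["acl"]
            and a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"])
            and b["dst"].subnet_of(a["dst"])
            and a["port"] in (None, b["port"]))

def find_shadowed(config):
    """Return (shadowed_line, shadowing_line, kind) for each unreachable rule."""
    rules = [parse(l) for l in config.splitlines() if l.startswith("access-list ")]
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "conflict" if earlier["action"] != later["action"] else "redundant"
                out.append((later["text"], earlier["text"], kind))
                break
    return out

if __name__ == "__main__":
    for shadowed, by, kind in find_shadowed(SAMPLE):
        print(f"[{kind}] '{shadowed}' never matches; shadowed by '{by}'")
```

A "conflict" result marks a deny line that cannot take effect because an earlier permit already matches the same traffic; moving the deny lines above the broad permit makes them reachable.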
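IX. The existing firewall configuration follows.
Each line below is one command. If a line is missing, copy it from the bold text below, paste it in after logging in, and then save.
User Access Verification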
Password:
Type help or '?' for a list of available commands.
pix515> conf t
Type help or '?' for a list of available commands.
pix515> en
Password:
Invalid password
Password: ********
pix515# conf t
pix515(config)# show run
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password gzE5ZoPZ4Fffph7. encrypted
passwd PLBb27eKLE1o9FTB encrypted
hostname pix515
domain-name
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl-out permit ip any any
access-list acl-out permit tcp any host 61.142.114.180 eq pop3
access-list acl-out permit tcp any host 61.142.114.180 eq smtp
access-list acl-out permit tcp any host 61.142.114.181 eq ftp
access-list acl-out deny tcp any any eq 135
access-list acl-out deny udp any any eq 135
access-list acl-out deny udp any any eq 139
access-list acl-out deny tcp any any eq netbios-ssn
access-list acl-out deny tcp any any eq 445
access-list acl-out deny udp any any eq 445
access-list acl-out deny udp any any eq 593