Cisco Firewall Login and Configuration Procedure


I. Firewall login procedure: telnet 192.168.0.1

Enter: 123

Username: en

Password: srmcisco

Conf t

Show run

II. Mapping a public IP to an internal IP:

static (inside,outside) 61.142.114.180 192.168.0.7 netmask 255.255.255.255 0 0

III. Then open the ports: enter commands such as the following

access-list acl-out permit tcp any host 61.142.114.183 eq 5800 (open external port 5800)

access-list acl-out permit tcp any host 61.142.114.183 eq 5900 (open external port 5900)

access-list acl-out permit tcp any host 61.142.114.183 eq 1433 (open external port 1433)

access-list acl-in permit tcp any host 61.142.114.183 eq 1433 (open internal port 1433)

access-list acl-in permit tcp any host 61.142.114.183 eq 5900 (open internal port 5900)

access-list acl-in permit tcp any host 61.142.114.183 eq 5800 (open internal port 5800)

IV. Log out of the firewall: logout

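V. Add a computer that is allowed Internet access

1. nat (inside) 1 192.168.0.188 255.255.255.255 0 0 (IP address of the computer being given Internet access)

2. arp inside 192.168.0.188 000f.eafa.645d alias (binds the MAC address of that computer's network card)

VI. Remove a computer's Internet access

1. no nat (inside) 1 192.168.0.188 255.255.255.255 0 0 (IP address of the computer being given Internet access)

2. no arp inside 192.168.0.188 000f.eafa.645d alias (binds the MAC address of that computer's network card)

VII. Add a computer that may remotely manage the firewall: telnet 192.168.0.188 255.255.255.255 inside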

VIII. Save the changes that have been made

wr me

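IX. The existing firewall configuration follows.

Each line below is one command. If the configuration is lost, you can copy it from the bold text below, paste it in after logging in, and then save.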

User Access Verification

Password:

Type help or '?' for a list of available commands.

pix515> conf t

Type help or '?' for a list of available commands.

pix515> en

Password:

Invalid password

Password: ********

pix515# conf t

pix515(config)# show run

: Saved

:

PIX Version 6.3(1)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password gzE5ZoPZ4Fffph7. encrypted

passwd PLBb27eKLE1o9FTB encrypted

hostname pix515

domain-name

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

no fixup protocol smtp 25

fixup protocol sqlnet 1521

names

access-list acl-out permit ip any any

access-list acl-out permit tcp any host 61.142.114.180 eq pop3

access-list acl-out permit tcp any host 61.142.114.180 eq smtp

access-list acl-out permit tcp any host 61.142.114.181 eq ftp

access-list acl-out deny tcp any any eq 135

access-list acl-out deny udp any any eq 135

access-list acl-out deny udp any any eq 139

access-list acl-out deny tcp any any eq netbios-ssn

access-list acl-out deny tcp any any eq 445

access-list acl-out deny udp any any eq 445

access-list acl-out deny udp any any eq 593
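
PIX evaluates access-list entries from the top and applies the first one that matches, so the order of the acl-out lines above decides which of them ever take effect. The Python check below is an added example, not part of the original document: it parses only the entry forms that appear on this page (any, host A, A MASK, optional destination eq PORT) and reports every entry that an earlier entry in the same list already matches. It assumes acl-out is bound to an interface, which this excerpt does not show.

```python
# ACL entries copied from the acl-out lines in the configuration on this page.
ACL_TEXT = """\
access-list acl-out permit ip any any
access-list acl-out permit tcp any host 61.142.114.180 eq pop3
access-list acl-out permit tcp any host 61.142.114.180 eq smtp
access-list acl-out permit tcp any host 61.142.114.181 eq ftp
access-list acl-out deny tcp any any eq 135
access-list acl-out deny udp any any eq 135
access-list acl-out deny udp any any eq 139
access-list acl-out deny tcp any any eq netbios-ssn
access-list acl-out deny tcp any any eq 445
access-list acl-out deny udp any any eq 445
access-list acl-out deny udp any any eq 593
"""

def _addr(tok):  # consume one address spec: 'any', 'host A' or 'A MASK'
    if tok[0] == "any":
        return "any", tok[1:]
    return (tok[1] if tok[0] == "host" else tok[0] + "/" + tok[1]), tok[2:]

def parse(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]', else None."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        return None
    src, rest = _addr(t[4:])
    dst, rest = _addr(rest)
    port = rest[1] if len(rest) >= 2 and rest[0] == "eq" else None
    return {"acl": t[1], "action": t[2], "proto": t[3], "src": src,
            "dst": dst, "port": port, "text": " ".join(t)}

def covers(a, b):
    """True if every packet matched by entry b is already matched by entry a."""
    return (a["acl"] == b["acl"] and a["proto"] in ("ip", b["proto"])
            and a["src"] in ("any", b["src"]) and a["dst"] in ("any", b["dst"])
            and a["port"] in (None, b["port"]))

def find_shadowed(text):
    """Yield (verdict, entry, first_covering_entry) for each shadowed entry."""
    seen = []
    for e in filter(None, map(parse, text.splitlines())):
        first = next((p for p in seen if covers(p, e)), None)
        if first:
            verdict = "redundant" if e["action"] == first["action"] else "dead"
            yield verdict, e["text"], first["text"]
        seen.append(e)

if __name__ == "__main__":
    for verdict, entry, first in find_shadowed(ACL_TEXT):
        print(f"{verdict}: {entry}  <- first match: {first}")
```

On the acl-out lines above, every entry after `permit ip any any` is reported, including all seven deny entries, which would have to precede that permit to take effect.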
