: Saved
: Written by enable_15 at 17:50:50.662 UTC Sat Jan 23 2010
! NOTE(review): "enable_15" is the name PIX records for a session that reached
! privilege level 15 through the shared enable password rather than a named
! account, so this save cannot be attributed to an individual administrator.
! Whether per-user AAA is configured is not visible in the part shown - confirm.
!
PIX Version 7.0(8)
!
hostname pixfirewall
domain-name cisco.com
!
! Ethernet0 is the only physical port that carries traffic. It has no name,
! security level or address of its own and acts as the parent for the three
! VLAN subinterfaces below.
interface Ethernet0
speed 100
duplex full
no nameif
no security-level
no ip address
!
! Zone "inside" (VLAN 2), security level 100 - the highest level in this file.
interface Ethernet0.1
vlan 2
nameif inside
security-level 100
ip address xxxxxxx xxxxxxx
!
! Zone "DMZ" (VLAN 4), security level 50.
interface Ethernet0.2
vlan 4
nameif DMZ
security-level 50
ip address xxxxxxx
!
! Zone "outside" (VLAN 5), security level 0 - the lowest level in this file.
! NOTE(review): all three zones share one physical link, so their separation
! depends on the VLAN configuration of the attached switch as much as on this
! firewall. Review the switch trunk port together with this file.
interface Ethernet0.3
vlan 5
nameif outside
security-level 0
ip address xxxxxxx xxxxxxx
!
! Unused port: no nameif, so the firewall passes no traffic through it.
! NOTE(review): no "shutdown" line is shown, so the port is presumably
! administratively up - confirm, and shut it down if it is not needed.
interface Ethernet1
speed 100
duplex full
no nameif
no security-level
no ip address
!
! Unused port, configured the same way as Ethernet1 (same note applies).
interface Ethernet2
speed 100
duplex full
no nameif
no security-level
no ip address
!
boot system flash:/image.bin
ftp mode passive
!
! Access lists.
! The access-group, nat and crypto statements that bind these lists are not in
! the part of the configuration shown, so the role of each list is inferred
! from its name only - TODO confirm against the full configuration.
! Entries are evaluated top-down, the first match wins, and anything not
! matched is denied. Addresses masked as xxxxxxx by the poster cannot be
! assessed; unmasked entries are reviewed as written.
!
! no_nat: presumably a NAT-exemption list. It matches all IP and ICMP traffic
! from a single (masked) host.
access-list no_nat extended permit ip host xxxxxxx any
access-list no_nat extended permit icmp host xxxxxxx any
! in_acl: presumably filters traffic arriving on the inside interface.
access-list in_acl extended permit tcp host xxxxxxx host xxxxxxx eq smtp
access-list in_acl extended permit tcp xxxxxxx xxxxxxx host xxxxxxx eq 8080
access-list in_acl extended permit udp host xxxxxxx any eq domain
access-list in_acl extended permit ip host xxxxxxx host xxxxxxx
access-list in_acl extended permit ip host 192.168.0.243 host xxxxxxx
access-list in_acl extended permit tcp host 192.168.0.19 any eq smtp
access-list in_acl extended permit tcp host 192.168.0.19 any eq pop3
access-list in_acl extended permit tcp host xxxxxxx any eq smtp
! Per-destination entries for host 192.168.0.200 start here.
access-list in_acl extended permit tcp host 192.168.0.200 host xxxxxxx eq ftp
access-list in_acl extended permit icmp host 192.168.0.200 host xxxxxxx
access-list in_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list in_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list in_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list in_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list in_acl extended permit tcp xxxxxxx xxxxxxx host xxxxxxx eq www
access-list in_acl extended permit ip host 192.168.0.200 host 80.253.4.7
access-list in_acl extended permit ip host 192.168.0.200 host 80.253.4.6
access-list in_acl extended permit tcp host 192.168.0.200 host 81.23.101.8 eq ftp
access-list in_acl extended permit tcp host 192.168.0.200 host 85.249.141.170 eq ftp
! NOTE(review): the next entry permits all IP from 192.168.0.200 to any
! destination. It makes every narrower 192.168.0.200 entry above redundant,
! and the effective policy for this host is unrestricted.
access-list in_acl extended permit ip host 192.168.0.200 any
access-list in_acl extended permit tcp host xxxxxxx host 216.21.229.209 eq ftp
access-list in_acl extended permit tcp host 192.168.0.66 any eq ftp
access-list in_acl extended permit tcp host 192.168.0.66 any eq smtp
access-list in_acl extended permit tcp host 192.168.0.66 any eq pop3
! The next three entries accept traffic from any source address.
access-list in_acl extended permit tcp any host xxxxxxx eq xxxxxxx
access-list in_acl extended permit tcp any host xxxxxxx eq xxxxxxx
access-list in_acl extended permit icmp any xxxxxxx xxxxxxx
! The hosts below are permitted all IP protocols to any destination.
! NOTE(review): these are the broadest grants in the list. If the hosts only
! need specific services, narrow them to those ports and destinations.
access-list in_acl extended permit ip host xxxxxxx any
access-list in_acl extended permit ip host 192.168.0.253 any
access-list in_acl extended permit ip host 192.168.0.252 any
access-list in_acl extended permit ip host 192.168.0.251 any
access-list in_acl extended permit ip host xxxxxxx any
access-list in_acl extended permit ip host 192.168.0.51 any
access-list in_acl extended permit ip host 192.168.1.240 any
access-list in_acl extended permit ip host 192.168.1.253 any
access-list in_acl extended permit ip host 192.168.1.252 any
access-list in_acl extended permit ip host 192.168.1.251 any
access-list in_acl extended permit ip host 192.168.1.195 any
access-list in_acl extended permit ip host 192.168.1.51 any
access-list in_acl extended permit ip host 192.168.0.205 any
! TCP/3389 (RDP) to one masked host from any source address.
access-list in_acl extended permit tcp any host xxxxxxx eq 3389
! no_nat_ins: presumably a NAT-exemption list for the inside interface.
access-list no_nat_ins extended permit ip xxxxxxx xxxxxxx host xxxxxxx
access-list no_nat_ins extended permit ip xxxxxxx xxxxxxx xxxxxxx xxxxxxx
access-list no_nat_ins extended permit ip 172.16.2.0 xxxxxxx xxxxxxx xxxxxxx
! dmz_acl: presumably filters traffic arriving on the DMZ interface.
! NOTE(review): the second entry permits all IP from one host to any
! destination; if that host is the same as in the entries around it, it
! already covers them.
access-list dmz_acl extended permit udp host xxxxxxx host xxxxxxx eq domain
access-list dmz_acl extended permit ip host xxxxxxx any
access-list dmz_acl extended permit ip host xxxxxxx host xxxxxxx
access-list dmz_acl extended permit icmp host xxxxxxx any
! nat_acl: presumably selects traffic for address translation.
! NOTE(review): it largely repeats in_acl entry for entry. Two lists kept in
! step by hand tend to drift apart - check that every difference between
! them is intended.
access-list nat_acl extended permit udp host xxxxxxx any eq domain
access-list nat_acl extended permit tcp host 192.168.0.19 any eq smtp
access-list nat_acl extended permit tcp host 192.168.0.19 any eq pop3
access-list nat_acl extended permit tcp host xxxxxxx any eq smtp
access-list nat_acl extended permit tcp host 192.168.0.200 host xxxxxxx eq ftp
access-list nat_acl extended permit icmp host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit ip host 192.168.0.200 host xxxxxxx
access-list nat_acl extended permit tcp host 192.168.0.200 host xxxxxxx eq ftp
access-list nat_acl extended permit tcp host 192.168.0.200 host xxxxxxx eq ftp
access-list nat_acl extended permit ip host 192.168.0.200 any
access-list nat_acl extended permit tcp host xxxxxxx host xxxxxxx eq ftp
access-list nat_acl extended permit tcp host 192.168.0.66 any eq ftp
access-list nat_acl extended permit tcp host 192.168.0.66 any eq smtp
access-list nat_acl extended permit tcp host 192.168.0.66 any eq pop3
access-list nat_acl extended permit ip host xxxxxxx any
access-list nat_acl extended permit ip host 192.168.0.253 any
access-list nat_acl extended permit ip host 192.168.0.252 any
access-list nat_acl extended permit ip host 192.168.0.251 any
access-list nat_acl extended permit ip host xxxxxxx any
access-list nat_acl extended permit ip host 192.168.0.51 any
access-list nat_acl extended permit ip host 192.168.1.253 any
access-list nat_acl extended permit ip host 192.168.1.252 any
access-list nat_acl extended permit ip host 192.168.1.251 any
access-list nat_acl extended permit ip host 192.168.1.195 any
access-list nat_acl extended permit ip host 192.168.1.51 any
access-list nat_acl extended permit ip host 192.168.0.205 any
access-list nat_acl extended permit tcp any host xxxxxxx eq 3389
! outside_acl: presumably filters traffic arriving on the outside interface.
! SMTP and ICMP are accepted from any source. The TCP/3389 (RDP) entries are
! limited to specific masked source hosts.
access-list outside_acl extended permit tcp any host xxxxxxx eq smtp
access-list outside_acl extended permit ip host xxxxxxx host xxxxxxx
access-list outside_acl extended permit icmp any host xxxxxxx
access-list outside_acl extended permit tcp host xxxxxxx host xxxxxxx eq 3389
access-list outside_acl extended permit tcp host xxxxxxx any eq xxxxxxx
access-list outside_acl extended permit tcp host xxxxxxx any eq xxxxxxx
access-list outside_acl extended permit tcp host xxxxxxx host xxxxxxx eq 3389
access-list outside_acl extended permit tcp host xxxxxxx host xxxxxxx eq 3389
! vpn_route: presumably defines the networks reachable over the VPN.
access-list vpn_route extended permit ip xxxxxxx xxxxxxx xxxxxxx xxxxxxx
access-list vpn_route extended permit ip xxxxxxx xxxxxxx xxxxxxx xxxxxxx
access-list vpn_route extended permit ip xxxxxxx xxxxxxx xxxxxxx xxxxxxx
! List 110: its purpose cannot be determined from the part shown.
! NOTE(review): "eq 338" directly below an otherwise similar "eq 3389" entry
! looks like a truncated port number - verify. As written it permits TCP/338,
! not RDP.
access-list 110 extended permit tcp host xxxxxxx host xxxxxxx eq 3389
access-list 110 extended permit tcp host xxxxxxx host xxxxxxx eq 338
pager lines 24
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
! Local address pool named VPNpool (range masked by the poster); presumably
! assigned to remote-access VPN clients - confirm against the elided tunnel
! configuration.
ip local pool VPNpool xxxxxxx-xxxxxxx
! ASDM is the graphical management interface. Whether its HTTPS server is
! enabled, and from which addresses, is not visible in the part shown.
asdm image flash:/asdm508.bin
asdm history enable
arp timeout 14400
! nat-control: traffic from a higher- to a lower-security interface must match
! a NAT rule, otherwise it is dropped.
nat-control
! Dynamic PAT for NAT id 1 using the outside interface's own address. The
! matching "nat (...) 1" statement is not in the part shown.
global (outside) 1 interface
! The poster elided the rest of the configuration here. Items that a review
! would normally cover (access-group bindings, NAT statements, management
! access, authentication, VPN settings) are therefore not available.
...
...
: end
Отправлено: 14:18, 23-06-2010