配置如下:
: Saved
:
! Saved configuration of a Cisco PIX firewall as posted. Most addresses in
! this listing are masked with "x" by the poster.
! NOTE(review): PIX 7.2(1) and the PIX platform are long out of vendor
! support, so this image no longer receives security fixes.
PIX Version 7.2(1)
!
hostname xxx-xx-xxxx
domain-name xx.xx.xxx
! NOTE(review): "encrypted" marks the legacy PIX password hash, which is
! unsalted and weak against offline guessing. These hashes are published in
! the post, so the passwords behind them should be treated as exposed and
! changed. Redact such lines before sharing a configuration.
! Enable password for privilege level 2.
enable password 4wn2dZyP8WeN1Jx/ level 2 encrypted
! Enable password with no level given (the default, highest privilege level).
enable password 2KFdnbPIdI.2KYOU encrypted
names
dns-guard
!
! Interface definitions. The security-level ranks trust: outside 0 < dx 15 <
! DDSO 50 < inside 100. Traffic entering a lower-level interface towards a
! higher-level one is dropped unless an access-list bound to that interface
! permits it.
!
! Ethernet0: untrusted side (security-level 0).
interface Ethernet0
description TO-I3-6506R-1
speed 100
duplex full
nameif outside
security-level 0
ip address xx.xxx.XX.13 255.255.255.248 standby xx.xxx.xx.13
!
! Ethernet1: most trusted side (security-level 100).
interface Ethernet1
description TO-F5-3560-1
speed 100
duplex full
nameif inside
security-level 100
ip address xx.xxx.xxx.1 255.255.255.0 standby xx.xxx.xxx.31
!
! Ethernet2: intermediate zone "DDSO" (security-level 50).
! NOTE(review): the active and standby addresses differ in the third octet
! (191 vs 11) although the mask is a /29; presumably a masking slip in the
! post. Both must be in the same subnet for failover to work; verify.
interface Ethernet2
description TO-I3-6506-1
speed 100
duplex full
nameif DDSO
security-level 50
ip address xx.xxx.191.20 255.255.255.248 standby xx.xxx.11.21
!
! Ethernet3: low-trust zone "dx" (security-level 15).
interface Ethernet3
description TO-E15-6509-1
speed 100
duplex full
nameif dx
security-level 15
ip address xx.xxx.4.14 255.255.255.248 standby xx.xxx.4.12
!
! Ethernet4: unused port, administratively shut down with no name or address.
interface Ethernet4
speed 100
duplex full
shutdown
no nameif
security-level 15
no ip address
!
! Ethernet5: carries the stateful failover link (see "failover link Stateful
! Ethernet5"); its addressing is set by "failover interface ip", not here.
interface Ethernet5
description STATE Failover Interface
!
! Login password hash for remote/console access.
! NOTE(review): this is the same legacy unsalted hash format as the enable
! passwords. Because it is published in the post, the password should be
! treated as exposed and changed. No per-user AAA authentication is visible
! in this listing; confirm whether a shared password is the only control.
passwd 2KDQnbNIdI.2KKOU encrypted
! Image loaded at boot.
boot system flash:/pix721.bin
ftp mode passive
! Local time zone label "BeiJing", UTC+8.
clock timezone BeiJing 8
! Default DNS server group; the domain-name line below belongs to it.
dns server-group DefaultDNS
domain-name abc.def
! Named host groups used as sources in the access-lists below.
! Referenced in this listing: PING (ACL 103, icmp), 30DDS and 20DDS (ACL 101),
! wh (ACL 102), DP-DDS and DDSO (ACL 103).
! NOTE(review): KDS, ntp, LSOD, LDOW and DP-LDOW are not referenced by any
! access-list shown here. If the listing is complete, they are leftovers and
! can be removed so the rule base stays auditable.
object-group network PING
network-object host xx.xxx.xx.x
network-object host xx.xxx.xx.x
object-group network 30DDS
network-object host xx.xx.xx.x
network-object host xx.xx.xxx.x
object-group network 20DDS
network-object host xx.xxx.xxx.9
object-group network wh
network-object host xx.xxx.xx.xx
object-group network KDS
network-object host xx.xxx.xx.xx
network-object host xx.xxx.xx.xx
object-group network ntp
network-object host xx.xxx.xx.xxx
object-group network LSOD
network-object host xx.xxx.xx.xx
object-group network LDOW
network-object host xx.xxx.xx.xx
network-object host xx.xxx.xx.xx
object-group network DP-LDOW
network-object host xx.xxx.XXX.XX
object-group network DP-DDS
network-object host xx.xx.xx.xx
! This group shares its name with the DDSO interface; the two are unrelated
! objects. The host below is unmasked and matches a "route DDSO" entry.
object-group network DDSO
network-object host 10.65.6.22
! Inbound filters. Each list ends with an implicit deny, so only the flows
! below are admitted from the lower-security interfaces.
!
! ACL 101: bound inbound on "outside". Permits TCP/7777 from the listed
! sources to translated (mapped) addresses defined by the static commands.
! NOTE(review): the two 30DDS lines and the two 20DDS lines are identical as
! posted. Either the masking hides different destinations or the entries are
! redundant; verify and drop duplicates.
access-list 101 extended permit tcp object-group 30DDS host xx.xxx.xxx.2 eq 7777
access-list 101 extended permit tcp object-group 30DDS host xx.xxx.xxx.2 eq 7777
access-list 101 extended permit tcp object-group 20DDS host xx.xxx.xxx.2 eq 7777
access-list 101 extended permit tcp object-group 20DDS host xx.xxx.xxx.2 eq 7777
! NOTE(review): the source address on the next line was left unmasked in the
! post, unlike the other peers.
access-list 101 extended permit tcp host 211.137.32.229 host xx.xxx.xxx.6 eq 7777
! ACL 102: bound inbound on "dx". Single permit, TCP/7777 from group wh.
access-list 102 extended permit tcp object-group wh host xx.xxx.xxx.30 eq 7777
! ACL 103: bound inbound on "DDSO".
! NOTE(review): the icmp entry names no ICMP type, so every ICMP type from
! the PING group is allowed; restricting it to echo would narrow it to
! reachability tests, if that is the intent.
access-list 103 extended permit icmp object-group PING host xx.xxx.xxx.4
! NOTE(review): the DP-DDS and DDSO entries each appear twice as posted; same
! caveat about masking versus true duplicates as for ACL 101.
access-list 103 extended permit tcp object-group DP-DDS host xx.xxx.xxx.4 eq 7777
access-list 103 extended permit tcp object-group DP-DDS host xx.xxx.xxx.4 eq 7777
access-list 103 extended permit tcp object-group DDSO host xx.xxx.xxx.4 eq 7777
access-list 103 extended permit tcp object-group DDSO host xx.xxx.xxx.4 eq 7777
pager lines 24
! Logging: enabled with timestamps, and also active on the standby unit.
! Console and monitor sessions receive "warnings" and more severe; the
! internal buffer and SNMP history keep only "errors" and more severe.
! NOTE(review): no remote syslog destination is visible in this listing. If
! none is configured, the only record is the local buffer, which is small,
! is lost on reload, and at "errors" omits warning- and informational-level
! events. Confirm that logs are exported to a collector at a level that
! covers denied and permitted connections.
logging enable
logging timestamp
logging standby
logging console warnings
logging monitor warnings
logging buffered errors
logging history errors
! Per-interface MTU, 1500 bytes on every named interface.
mtu outside 1500
mtu inside 1500
mtu DDSO 1500
mtu dx 1500
! Failover pair: state replication uses a link named "Stateful" on Ethernet5,
! addressed 1.1.1.1 (active) / 1.1.1.2 (standby).
! NOTE(review): no "failover key" line appears in this listing. If it is
! really absent, traffic on the failover link is neither encrypted nor
! authenticated, so the link should be a dedicated, isolated segment and a
! key should be set.
! NOTE(review): 1.1.1.0/24 is publicly routable address space; a private
! range avoids any overlap with real destinations.
failover
failover link Stateful Ethernet5
failover interface ip Stateful 1.1.1.1 255.255.255.0 standby 1.1.1.2
no asdm history enable
arp timeout 300
! nat-control: traffic from a higher-security interface to a lower one must
! match a translation rule, otherwise it is dropped.
nat-control
! Dynamic translation, pool 1: inside sources in 10.0.0.0/8 leave "outside"
! translated to the global address given for pool 1.
global (outside) 1 xx.xxx.xxx.0
nat (inside) 1 10.0.0.0 255.0.0.0
! Static one-to-one translations. Argument order after the interface pair is
! <mapped address> <real address>.
! Entries for (inside,outside) publish an inside host under a different
! address; those for (inside,dx) and (inside,DDSO) map a host to itself.
! A static alone does not admit inbound traffic: the ACL bound to the
! lower-security interface must also permit the mapped address.
! NOTE(review): ACL 101 as posted permits only the mapped addresses ending
! in .2 and .6, so the outside statics ending in .7 and .1 appear to serve
! outbound use only; confirm. With the first three octets masked, overlaps
! between statics cannot be checked from this listing. Verify that no real
! or mapped address is claimed by two entries on the same interface pair.
static (inside,outside) xx.xxx.xxx.2 xx.xxx.xxx.4 netmask 255.255.255.255
static (inside,outside) xx.xxx.xxx.7 xx.xxx.xxx.8 netmask 255.255.255.255
static (inside,outside) xx.xxx.xxx.6 xx.xxx.xxx.9 netmask 255.255.255.255
static (inside,dx) xx.xxx.xxx.4 xx.xxx.xxx.4 netmask 255.255.255.255
static (inside,DDSO) xx.xxx.xxx.4 xx.xxx.xxx.4 netmask 255.255.255.255
static (inside,dx) xx.xxx.xxx.9 xx.xxx.xxx.9 netmask 255.255.255.255
static (inside,dx) xx.xxx.xxx.3 xx.xxx.xxx.3 netmask 255.255.255.255
static (inside,dx) xx.xxx.xxx.30 xx.xxx.xxx.30 netmask 255.255.255.255
static (inside,dx) xx.xxx.xxx.11 xx.xxx.xxx.11 netmask 255.255.255.255
static (inside,dx) xx.xxx.xxx.10 xx.xxx.xxx.10 netmask 255.255.255.255
static (inside,dx) xx.xxx.xxx.8 xx.xxx.xxx.8 netmask 255.255.255.255
static (inside,outside) xx.xxx.xxx.1 xx.xxx.xxx.7 netmask 255.255.255.255
static (inside,dx) xx.xxx.xxx.7 xx.xxx.xxx.7 netmask 255.255.255.255
! Bind the access-lists inbound: 101 on outside, 103 on DDSO, 102 on dx.
! No access-group is applied to "inside" in this listing.
access-group 101 in interface outside
access-group 103 in interface DDSO
access-group 102 in interface dx
! Static routes: default route via outside; two host routes via DDSO; the
! remaining networks and hosts via dx. Each has metric 1.
! NOTE(review): as posted, the next-hop addresses do not fall inside the /29
! subnets configured on the outside and dx interfaces (for example dx is
! xx.xxx.4.14/29 but its next hop is xx.xxx.43.123). This is presumably an
! artefact of masking; verify against the real configuration.
route outside 0.0.0.0 0.0.0.0 xx.xxx.72.129 1
route DDSO 10.65.9.11 255.255.255.255 xx.xxx.191.17 1
route DDSO 10.65.6.22 255.255.255.255 xx.xxx.191.17 1
route dx xx.xxx.20.0 255.255.255.0 xx.xxx.43.123 1
route dx xx.xxx.18.0 255.255.255.0 xx.xxx.43.123 1
route dx xx.xxx.8.45 255.255.255.255 xx.xxx.43.123 1
route dx xx.xxx.8.33 255.255.255.255 xx.xxx.43.123 1
route dx xx.xxx.254.0 255.255.255.0 xx.xxx.43.123 1
route dx xx.xxx.251.0 255.255.255.0 xx.xxx.43.123 1
route dx xx.xxx.225.0 255.255.255.0 xx.xxx.43.123 1 |