免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
论坛 备份版区 企业安全技术 HELP!一个关于PIX防火墙的问题,急用
最近访问板块 发新帖
查看: 2919 | 回复: 1
打印 上一主题 下一主题

HELP!一个关于PIX防火墙的问题,急用 [复制链接]

missyou

论坛徽章:
0
跳转到指定楼层
1 [收藏(0)] [报告]
发表于 2005-01-06 21:38 |只看该作者 |倒序浏览
PIX的内网ping不通外网,我已经放开了N多权限了,检查了半天也没检查出什么问题,请大家帮我看看,急用,谢谢了。配置如下\r\n   PIX Version 6.3(1)\r\ninterface ethernet0 auto\r\ninterface ethernet1 auto\r\nnameif ethernet0 outside security0\r\nnameif ethernet1 inside security100\r\nenable password mBat5bTIzhRcVYHL encrypted\r\npasswd mBat5bTIzhRcVYHL encrypted\r\nhostname yjpix\r\ndomain-name yj\r\nfixup protocol ftp 21\r\nfixup protocol h323 h225 1720\r\nfixup protocol h323 ras 1718-1719\r\nfixup protocol http 80\r\nfixup protocol ils 389\r\nfixup protocol rsh 514\r\nfixup protocol rtsp 554\r\nfixup protocol sip 5060\r\nfixup protocol sip udp 5060\r\nfixup protocol skinny 2000\r\nfixup protocol smtp 25\r\nfixup protocol sqlnet 1521\r\nnames\r\naccess-list acl-in permit tcp any any\r\naccess-list acl-in permit icmp any any\r\naccess-list acl-in permit ip any any\r\naccess-list acl-in permit udp any any\r\naccess-list acl-out permit icmp any any\r\naccess-list acl-out permit tcp any any\r\naccess-list acl-out permit ip any any\r\npager lines 24\r\nmtu outside 1500\r\nmtu inside 1500\r\nip address outside 192.192.191.1 255.255.255.0\r\nip address inside 192.168.1.20 255.255.255.0\r\nip audit info action alarm\r\nip audit attack action alarm\r\nno failover\r\nfailover timeout 0:00:00\r\nfailover poll 15\r\nno failover ip address outside\r\nno failover ip address inside\r\npdm history enable\r\narp timeout 14400\r\nglobal (outside) 1 192.192.191.100\r\nnat (inside) 1 192.168.1.0 255.255.255.0 0 0\r\nstatic (inside,outside) 192.192.191.100 192.168.1.2 netmask 255.255.255.255 0 0\r\naccess-group acl-out in interface outside\r\naccess-group acl-in in interface inside\r\nconduit permit icmp any any\r\nroute outside 0.0.0.0 0.0.0.0 192.192.191.2 1\r\ntimeout xlate 3:00:00\r\ntimeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00\r\ntimeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00\r\ntimeout uauth 0:05:00 absolute\r\naaa-server TACACS+ protocol tacacs+\r\naaa-server RADIUS protocol radius\r\naaa-server LOCAL protocol local\r\nno snmp-server location\r\nno snmp-server contact\r\nsnmp-server community public\r\nno snmp-server enable traps\r\nfloodguard enable\r\ntelnet 192.192.191.0 255.255.255.0 outside\r\ntelnet 192.168.1.0 255.255.255.0 inside\r\ntelnet timeout 5\r\nssh timeout 5\r\nconsole timeout 0\r\nterminal width 80\r\nCryptochecksum:beee09bda7ac7aebe5329fe20f2b5aab\r\n: end
missyou

论坛徽章:
0
2 [报告]
发表于 2005-01-06 21:51 |只看该作者
补充一句,外网访问内网没有问题.。例如:内网192.168.1.2 ping外网的192.168.2.254不通,但是192.168.2.254连接192.168.1.2映射出来的192.192.191.100没有任何问题,无论ping还是telnet。
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP