The web server behind the PIX firewall can be reached from the external network, but not from the internal network. Strange.

hostname pixfirewall
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list 101 permit icmp any any
access-list 101 permit ip any any
access-list 110 permit ip any any
access-list 110 permit icmp any any
access-list 110 deny tcp any any eq 4444
access-list 110 deny tcp any any eq 445
access-list 110 deny tcp any any eq 593
access-list 110 deny udp any any eq 593
access-list 110 deny udp any any eq 1434
access-list 110 permit tcp any host 211.157.116.214
pager lines 24
logging on
logging monitor alerts
logging buffered debugging
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 211.157.116.210 255.255.255.240
ip address inside 175.175.175.1 255.255.255.252
ip address dmz 192.168.0.14 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 211.*.*.212-211.*.*.213
global (outside) 1 211.*.*.211
global (outside) 2 211.*.*.217
global (outside) 3 211.*.*.214
global (outside) 4 211.*.*.215
nat (inside) 1 175.175.1.0 255.255.255.0 0 0
nat (inside) 1 175.175.175.0 255.255.255.0 0 0
nat (inside) 1 192.0.0.0 255.255.255.0 0 0
nat (dmz) 2 192.168.0.0 255.255.255.224 0 0
alias (inside) 192.0.0.35 211.157.116.214 255.255.255.255
static (inside,outside) 211.*.*.214 192.0.0.35 netmask 255.255.255.255 0
static (inside,outside) 211.*.*.215 175.175.1.248 netmask 255.255.255.25
0
access-group 110 in interface outside
access-group 110 in interface inside
conduit permit icmp any any
conduit permit icmp host 211.*.*.* any
route outside 0.0.0.0 0.0.0.0 211.157.116.209 1
route inside 175.175.1.245 255.255.255.255 175.175.175.2 1
route inside 175.175.1.248 255.255.255.255 175.175.175.2 1
route inside 192.0.0.35 255.255.255.255 175.175.175.2 1
route inside 192.0.0.102 255.255.255.255 175.175.175.2 1
route inside 192.0.0.107 255.255.255.255 175.175.175.2 1
route inside 192.0.0.120 255.255.255.255 175.175.175.2 1
route dmz 192.168.1.0 255.255.255.0 192.168.0.1 1
route dmz 192.168.2.0 255.255.255.0 192.168.0.2 1
route dmz 192.168.3.0 255.255.255.0 192.168.0.3 1
route dmz 192.168.4.0 255.255.255.0 192.168.0.4 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:0
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable