Our company recently bought a PIX 525, and I plan to use it as our NAT device for Internet access. Previously we used a 2600-series router for NAT. On its LAN interface I had configured two addresses, 130.52.64.15 and 211.96.145.14, and some of my internal hosts carry both addresses; one of them I set to 130.52.64.221 and 211.96.145.9. On the firewall, since there are only two Ethernet ports, I set one to 130.52.64.15 and the other to 211.96.145.133. I made 211.96.145.1-211.96.145.14 a global pool and created the corresponding mappings. However, on the 130.52.64.221 machine I had earlier set up an SMS gateway program that connects to the provincial center's SMS interface at 211.96.31.232 on port 8881, while locally it listens on port 6200. I created a static mapping of 130.52.64.221 to 211.96.145.9 and added an access list on the outside interface, but the result is that it cannot connect to port 8881 on 211.96.31.232 at the provincial center. The detailed configuration is below; please take a look and help.
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password U41WAWA6qriKLcil encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
nat (inside) 1 130.52.64.0 255.255.252.0
nat (inside) 1 130.52.74.0 255.255.252.0
nat (inside) 1 10.210.56.0 255.255.248.0
global (outside) 1 211.96.145.7
global (outside) 2 211.96.145.1 211.96.145.14
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 211.96.145.133 255.255.255.252
ip address inside 130.52.64.15 255.255.252.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm history enable
arp timeout 14400
global (outside) 1 211.96.145.7
nat (inside) 1 access-list 1
icmp deny any echo inside
static (inside,outside) 211.96.145.11 130.52.64.7 netmask 255.255.255.255
static (inside,outside) 211.96.145.12 130.52.64.30 netmask 255.255.255.255
static (inside,outside) 211.96.145.6 130.52.64.26 netmask 255.255.255.255
static (inside,outside) 211.96.145.1 130.52.64.224 netmask 255.255.255.255
static (inside,outside) 211.96.145.11 130.52.64.7 netmask 255.255.255.255
static (inside,outside) 211.96.145.5 130.52.64.3 netmask 255.255.255.255
static (inside,outside) 211.96.145.9 130.52.64.221 netmask 255.255.255.255
access-group acl-in in interface outside
access-list acl-in permit tcp any host 211.96.145.6 eq 6001
access-list acl-in permit tcp any host 211.96.145.9 eq 6200
access-list acl-in permit tcp any host 211.96.145.11 eq 9999
access-list acl-in permit tcp any host 211.96.145.11 eq 5001
access-list acl-in permit tcp any host 211.96.145.11 eq smtp
access-list acl-in permit tcp any host 211.96.145.11 eq pop3
access-list acl-in permit tcp any host 211.96.145.1 eq 80
access-list acl-in permit tcp any host 211.96.145.12 eq 80
route outside 0.0.0.0 0.0.0.0 211.96.145.134 1
route inside 10.117.102.0 255.255.255.0 130.52.64.241 1
route inside 10.156.76.0 255.255.255.0 130.52.64.254 1
route inside 10.188.151.0 255.255.255.0 130.52.64.254 1
route inside 10.210.1.0 255.255.255.0 130.52.64.240 1
route inside 10.210.7.0 255.255.255.0 130.52.64.240 1
route inside 10.210.9.0 255.255.255.0 130.52.64.240 1
route inside 10.210.10.0 255.255.255.0 130.52.64.240 1
route inside 10.210.11.0 255.255.255.0 130.52.64.254 1
route inside 10.210.56.0 255.255.255.0 130.52.64.240 1
route inside 10.210.56.0 255.255.248.0 130.52.64.240 1
route inside 10.210.216.0 255.255.255.0 130.52.64.240 1
route inside 10.241.1.0 255.255.255.0 130.52.64.247 1
route inside 10.241.42.0 255.255.255.0 130.52.64.247 1
route inside 100.1.1.0 255.255.255.0 100.100.100.2 1
route inside 130.51.0.0 255.255.0.0 130.52.64.254 1
route inside 130.51.5.0 255.255.255.0 130.52.64.254 1
route inside 130.52.66.0 255.255.255.0 130.52.64.30 1
route inside 130.52.72.0 255.255.255.0 130.52.64.248 1
route inside 130.52.74.0 255.255.255.0 130.52.64.248 1
route inside 140.1.1.0 255.255.255.0 130.52.64.254 1
route inside 192.168.0.0 255.255.0.0 130.52.64.254 1
route inside 192.168.100.0 255.255.255.0 100.100.100.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 130.52.64.66 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 130.52.64.0 255.255.252.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:71cc32fe9e975e193b828b4cae842e65
: end
pixfirwall#
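An added configuration audit, written for this thread and not taken from the poster or from Cisco, that parses the `nat`, `global` and `static` lines of a PIX 6.x `show run` (a constructed excerpt of the lines above is embedded) and flags what stands out in this config: the `static` for 211.96.145.11 appears twice, the `global (outside) 2` pool 211.96.145.1-211.96.145.14 contains addresses that are also statically mapped (211.96.145.1, .5, .6, .9, .11, .12), and no `nat` statement references id 2. The regexes and finding strings are my own.

```python
import ipaddress
import re

# Constructed excerpt of the NAT-related lines from the PIX 6.3 configuration
# posted above; audit_pix_nat() accepts any "show run" text with these verbs.
PIX_CONFIG = """\
nat (inside) 1 130.52.64.0 255.255.252.0
global (outside) 1 211.96.145.7
global (outside) 2 211.96.145.1 211.96.145.14
global (outside) 1 211.96.145.7
static (inside,outside) 211.96.145.11 130.52.64.7 netmask 255.255.255.255
static (inside,outside) 211.96.145.9 130.52.64.221 netmask 255.255.255.255
static (inside,outside) 211.96.145.11 130.52.64.7 netmask 255.255.255.255
"""

# Pasted configs show both "nat(inside)" and "nat (inside)", hence the \s*.
NAT_RE = re.compile(r"^nat\s*\((\w+)\)\s+(\d+)")
GLOBAL_RE = re.compile(r"^global\s*\((\w+)\)\s+(\d+)\s+(\S+)(?:\s+(\S+))?")
STATIC_RE = re.compile(r"^static\s*\((\w+),(\w+)\)\s+(\S+)\s+(\S+)")


def audit_pix_nat(config):
    """Return sorted findings: duplicate statics, dynamic global pools that
    contain a statically mapped address (the PIX may then hand a host's fixed
    public address to other hosts' xlates), and global ids no nat uses."""
    statics, pools, nat_ids, findings = {}, [], set(), set()
    for line in config.splitlines():
        if m := NAT_RE.match(line):
            nat_ids.add(int(m.group(2)))
        elif m := GLOBAL_RE.match(line):
            lo, _, hi = m.group(3).partition("-")   # "a-b" or "a b" range forms
            if lo == "interface":                   # PAT on the interface: no pool
                continue
            if not hi:
                hi = m.group(4) if m.group(4) and m.group(4)[0].isdigit() else lo
            pools.append((int(m.group(2)), ipaddress.ip_address(lo),
                          ipaddress.ip_address(hi)))
        elif m := STATIC_RE.match(line):
            mapped, real = m.group(3), m.group(4)
            if mapped in statics:
                findings.add(f"duplicate static {mapped} -> {real}")
            statics[mapped] = real
    for gid, lo, hi in pools:
        for mapped in statics:
            if lo <= ipaddress.ip_address(mapped) <= hi:
                findings.add(f"global {gid} pool {lo}-{hi} overlaps static {mapped}")
    for gid in {gid for gid, _, _ in pools} - nat_ids:
        findings.add(f"global id {gid} has no matching nat statement")
    return sorted(findings)
```

Run over the full posted configuration, the overlap check reports every static mapped address that falls inside the 211.96.145.1-211.96.145.14 pool.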