- 论坛徽章:
- 0
|
环境:网络拓扑ADSL------- pix252--------cisco3560 使用拨号的方式接入internet 有一台ftp服务器放pix后边, 接在3560上想让外面的机器通过pix 来访问ftp服务器
pix252上的配置如下: 但测试不成功,请帮忙看看是什么问题?先多谢了!~~~~`(顺便问一下,是不是 一定要开一个dmz接口 才可以做的吗 ? 也可以qq :67393185上面对面的指导与交流)
Pix525# sh run
: Saved
:
PIX Version 7.2(2)
!
hostname Pix525
domain-name snzo.com
enable password pMjszm8/WfqooIDR encrypted
no names
!
interface Ethernet0
description outside
nameif outside
security-level 0
pppoe client vpdn group pppoex
ip address pppoe setroute
!
interface Ethernet1
description inside
nameif inside
security-level 100
ip address 192.168.0.2 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
passwd pMjszm8/WfqooIDR encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name snzo.com
access-list acl-ftp extended permit tcp any host 219.137.199.159 eq ftp
access-list acl-ftp extended deny ip any any
pager lines 20
logging enable
logging timestamp
logging monitor critical
logging buffered critical
logging trap critical
logging message 100000 level critical
mtu outside 1500
mtu inside 1500
failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 tcp 30 20 udp 20
static (inside,outside) tcp 219.137.199.159 ftp 192.168.3.111 ftp netmask 255.255.255.255
static (inside,outside) tcp 219.137.199.159 ftp-data 192.168.3.111 ftp-data netmask 255.255.255.255
access-group acl-ftp in interface outside
route inside 192.168.0.0 255.255.240.0 192.168.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
ssh 192.168.3.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname gzDSL10380441@163.gd
vpdn group pppoex ppp authentication pap
vpdn username gzDSL10380441@163.gd password *********
!
policy-map global_policy
class inspection_default
inspect ftp
inspect http
inspect esmtp
inspect h323 h225
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect sqlnet
inspect tftp
inspect icmp
class class_h323_ras
inspect h323 ras
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:ba34f47a6c1581d6181df3680e8752e9
: end
Pix525# |
|
免费注册
发表于 2007-08-21 16:28