
PIX Basic Configuration

Author: http://cisco.ccxx.net

  PIX Version 5.2(6)
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  enable password .B42LT8EU0hqken6 encrypted
  passwd .B42LT8EU0hqken6 encrypted
  hostname pixfirewall
  fixup protocol ftp 21
  fixup protocol http 80
  fixup protocol h323 1720
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol sip 5060
  names
  pager lines 24
  logging on
  no logging timestamp
  no logging standby
  no logging console
  no logging monitor
  no logging buffered
  no logging trap
  no logging history
  logging facility 20
  logging queue 512
  interface ethernet0 10baset
  interface ethernet1 10baset
  mtu outside 1500
  mtu inside 1500
  ip address outside 202.103.49.77 255.255.255.240
  ip address inside 192.168.0.254 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  arp timeout 14400
  global (outside) 1 202.103.x.x-202.103.x.x netmask 255.255.255.240
  global (outside) 1 202.103.x.x
  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
  alias (inside) 192.168.0.8 202.103.x.x 255.255.255.255
  alias (inside) 192.168.0.3 202.103.x.x 255.255.255.255
  alias (inside) 192.168.0.9 202.103.x.x 255.255.255.255
  alias (inside) 192.168.0.2 202.103.x.x 255.255.255.255
  static (inside,outside) 202.103.x.x 192.168.0.8 netmask 255.255.255.255 0 0
  static (inside,outside) 202.103.49.68 192.168.0.2 netmask 255.255.255.255 0 0
  static (inside,outside) 202.103.49.67 192.168.0.3 netmask 255.255.255.255 0 0
  static (inside,outside) 202.103.49.66 192.168.0.5 netmask 255.255.255.255 0 0
  static (inside,outside) 202.103.49.65 192.168.0.6 netmask 255.255.255.255 0 0
  static (inside,outside) 202.103.49.69 192.168.0.9 netmask 255.255.255.255 0 0
  conduit permit icmp any any
  conduit permit tcp host 202.103.x.x eq ftp any
  conduit permit tcp host 202.103.x.x eq telnet any
  conduit permit tcp host 202.103.x.x eq www any
  conduit permit tcp host 202.103.x.x eq ftp any
  conduit permit tcp host 202.103.x.x eq telnet any
  conduit permit tcp host 202.103.x.x any
  conduit permit tcp host 202.103.x.x eq domain any
  conduit permit tcp host 202.103.x.x eq 81 any
  conduit permit tcp host 202.103.x.x eq nntp any
  conduit permit tcp host 202.103.x.x eq pop3 any
  conduit permit tcp host 202.103.x.x eq smtp any
  conduit permit tcp host 202.103.x.x eq domain any
  conduit permit tcp host 202.103.x.x any
  route outside 0.0.0.0 0.0.0.0 202.103.x.x 1
  route inside 192.168.0.0 255.255.0.0 192.168.0.1 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server RADIUS protocol radius
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  no snmp-server enable traps
  floodguard enable
  no sysopt route dnat
  isakmp identity hostname
  telnet 192.168.0.100 255.255.255.255 inside
  telnet timeout 5
  ssh timeout 5
  terminal width 80
  Cryptochecksum:fdf26b6b1b76274e18eaf2dd9a1a9299
  
  



Copyright © 2006 cisco.ccxx.net. All rights reserved.