The day before yesterday I configured a PIX 515E for NAT and a 3560 for inter-VLAN routing. Could everyone please take a look?
Please give me some pointers.
pixfirewall# show config
: Saved
:
PIX Version 6.1(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol http 8080
no fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 210.24.136.64 255.255.255.0
ip address inside 192.168.69.1 255.255.255.0
ip address dmz 10.10.10.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 210.24.136.65-210.24.136.66 netmask 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 210.24.136.67 192.168.67.19 netmask 255.255.255.255 0 0
static (inside,outside) 210.24.136.69 192.168.67.3 netmask 255.255.255.255 0 0
static (inside,outside) 210.24.136.68 192.168.68.14 netmask 255.255.255.255 0 0
static (inside,outside) 210.24.136.70 192.168.68.3 netmask 255.255.255.255 0 0
static (inside,outside) 210.24.136.71 192.168.68.5 netmask 255.255.255.255 0 0
conduit permit tcp host 210.24.136.69 eq ftp any
conduit permit tcp host 210.24.136.70 eq ftp any
route outside 0.0.0.0 0.0.0.0 218.24.136.1 1
route inside 192.168.66.0 255.255.255.0 192.168.69.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 0.0.0.0 0.0.0.0 outside
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:c4e095a0107781bdd575c969a9d985f4
pixfirewall#
3550#show running-config
Building configuration...
Current configuration : 5420 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
SW
interface FastEthernet0/1
no switchport
ip address 192.168.69.2 255.255.255.0
!
interface FastEthernet0/2
switchport access vlan 66
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 66
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 66
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 66
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 66
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 66
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 67
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 67
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 67
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 67
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 67
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 67
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 67
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 67
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 68
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 68
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 68
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 68
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 68
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 68
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 68
switchport mode access
!
interface FastEthernet0/23
switchport mode access
!
interface FastEthernet0/24
switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
interface Vlan66
ip address 192.168.66.1 255.255.255.0
!
interface Vlan67
ip address 192.168.67.1 255.255.255.0
!
interface Vlan68
ip address 192.168.68.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.69.1
ip http server
!
!
!
control-plane
!
!
line con 0
password 800602
login
line vty 0 4
password 800602
login
line vty 5 15
password 800602
login
!
!
end
Switch#
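I would like to send the PIX logs to a server, but I don't know how to do it. Please help.
One more question: do I need to set up a virus-blocking access list on the 3560?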