I have the following topology:
Router(e0=209.162.1.2/24)----(e0=209.162.1.1) PIX525 (e1=172.16.1.2/24)-----PC (172.16.1.1/24)
PIX configuration:
FW(config)# sh run
:
PIX Version 8.0(2)
!
hostname FW
enable password 6AQApax2zvrQDzvV encrypted
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 209.162.1.1 255.255.255.0
!
interface Ethernet1
nameif inside
security-level 100
ip address 172.16.1.2 255.255.255.0
!
interface Ethernet2
nameif dmz
security-level 50
no ip address
!
interface Ethernet3
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet4
shutdown
no nameif
no security-level
no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 209.162.1.30
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 209.162.1.5 172.16.1.2 netmask 255.255.255.255
route outside 0.0.0.0 0.0.0.0 209.162.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
!
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
prompt hostname context
Cryptochecksum:9f99077cb9181f1bb0c68b7bf3024058
: end
Router configuration:
R#sh run
Building configuration...
Current configuration : 834 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip subnet-zero
!
ip cef
no ip dhcp use vrf connected
!
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
no crypto isakmp ccm
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 209.162.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 209.162.1.1
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
end
I am using pemu and Dynamips to simulate this. I don't know what else is missing, but pinging from the PC to the outside interface does not work. Pinging from the Router to the PC does not work either.
Why can't I use the conduit command on the PIX?
I have only just started learning PIX and don't know anything yet; could the more experienced members please help.
Thanks