telnet 192.168.0.1
Enter: 123
Username: en
Password: srmcisco
Conf t
Show run
2. Mapping a public IP to an internal IP:
static (inside,outside) 61.142.114.180 192.168.0.7 netmask 255.255.255.255 0 0
3. Then open the ports: enter commands such as the following
access-list acl-out permit tcp any host 61.142.114.183 eq 5800 (open external port 5800)
access-list acl-out permit tcp any host 61.142.114.183 eq 5900 (open external port 5900)
access-list acl-out permit tcp any host 61.142.114.183 eq 1433 (open external port 1433)
access-list acl-in permit tcp any host 61.142.114.183 eq 1433 (open internal port 1433)
access-list acl-in permit tcp any host 61.142.114.183 eq 5900 (open internal port 5900)
access-list acl-in permit tcp any host 61.142.114.183 eq 5800 (open internal port 5800)
4. Log out of the firewall: logout
5. Add a computer with Internet access
(1) nat (inside) 1 192.168.0.188 255.255.255.255 0 0 (IP address of the computer)
(2) arp inside 192.168.0.188 000f.eafa.5d alias (binds the MAC address of the computer's network card)
6. Remove a computer's Internet access
(1) no nat (inside) 1 192.168.0.188 255.255.255.255 0 0 (IP address of the computer)
(2) no arp inside 192.168.0.188 000f.eafa.5d alias (the bound MAC address of the computer's network card)
7. Add a computer that may manage the firewall remotely
telnet 192.168.0.188 255.255.255.255 inside
8. Save the changes made
wr me
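9. The existing firewall configuration follows.
Each line below is one command. If the configuration is lost, copy the commands from the bold text below, log in, paste them, and then save.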
User Access Verification
Password:
Type help or '?' for a list of available commands.
pix515> conf t
Type help or '?' for a list of available commands.
pix515> en
Password:
Invalid password
Password: ********
pix515# conf t
pix515(config)# show run
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password gzE5ZoPZ4Fffph7. encrypted
passwd PLBb27eKLE1o9FTB encrypted
hostname pix515
domain-name cisco.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 3
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl-out permit ip any any
access-list acl-out permit tcp any host 61.142.114.180 eq pop3
access-list acl-out permit tcp any host 61.142.114.180 eq smtp
access-list acl-out permit tcp any host 61.142.114.181 eq ftp
access-list acl-out deny tcp any any eq 135
access-list acl-out deny udp any any eq 135
access-list acl-out deny udp any any eq 139
access-list acl-out deny tcp any any eq netbios-ssn
access-list acl-out deny tcp any any eq 445
access-list acl-out deny udp any any eq 445
access-list acl-out deny udp any any eq 593
access-list acl-out deny tcp any any eq 593
access-list acl-out deny tcp any any eq 5554
access-list acl-out deny udp any any eq 5554
access-list acl-out deny udp any any eq 5445
access-list acl-out deny tcp any any eq 5445
access-list acl-out deny tcp any any eq 9996
access-list acl-out deny icmp any any
access-list acl-out permit tcp any host 61.142.114.180 eq www
access-list acl-out permit tcp any host 61.142.114.179 eq www
access-list acl-out permit tcp any host 61.142.114.182 eq www
access-list acl-out permit tcp any host 61.142.114.181 eq www
access-list acl-out permit tcp any host 61.142.114.182 eq 5800
access-list acl-out permit tcp any host 61.142.114.182 eq 5900
access-list acl-out permit tcp any host 61.142.114.182 eq 1433
access-list acl-in deny icmp any any
access-list acl-in permit tcp any host 61.142.114.180 eq pop3
access-list acl-in permit tcp any host 61.142.114.180 eq smtp
access-list acl-in permit tcp any host 61.142.114.180 eq www
access-list acl-in permit tcp any host 61.142.114.179 eq www
access-list acl-in permit tcp any host 61.142.114.182 eq www
access-list acl-in permit tcp any host 61.142.114.181 eq www
access-list acl-in permit tcp any host 61.142.114.181 eq ftp
access-list acl-in permit tcp any host 61.142.114.182 eq 1433
access-list acl-in permit tcp any host 61.142.114.182 eq 5900
access-list acl-in permit tcp any host 61.142.114.182 eq 5800
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 61.142.114.178 255.255.255.248
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp inside 192.168.1.253 0040.d080.57ad alias
arp inside 192.168.9.242 0006.1bd8.bb7b alias
arp inside 192.168.0.242 0006.1bd8.bb7b alias
arp inside 192.168.1.141 0006.1bc1.0ac8 alias
arp inside 192.168.9.6 000f.3d80.e85a alias
arp inside 192.168.1.225 0040.d080.57ad alias
arp inside 192.168.9.145 000f.ea0d.6d3b alias
arp inside 192.168.7.168 0014.8522.6f31 alias
arp inside 192.168.8.153 0011.430e.031c alias
arp inside 192.168.9.126 0002.2ef2.7340 alias
arp inside 192.168.0.14 0003.9988.5d32 alias
arp inside 192.168.0.16 000f.eaf8.46aa alias
arp inside 192.168.3.11 0050.ba11.7dc4 alias
arp inside 192.168.2.18 000f.ea25.1b36 alias
arp inside 192.168.5.32 000f.ea0d.780e alias
arp inside 192.168.2.6 0011.1124.098d alias
arp inside 192.168.1.34 0040.0546.90f0 alias
arp inside 192.168.5.5 0040.0545.6663 alias
arp inside 192.168.0.108 0040.0546.9df3 alias
arp inside 192.168.0.253 0002.55aa.7111 alias
arp inside 192.168.7.13 0004.7966.acd0 alias
arp inside 192.168.7.18 0050.ba11.7e19 alias
arp inside 192.168.7.57 0040.0512.b50e alias
arp inside 192.168.7. 000f.ea07.9f46 alias
arp inside 192.168.3.25 000f.3d81.6694 alias
arp inside 192.168.5.27 000d.8849.3478 alias
arp inside 192.168.9.9 000f.ea66.180d alias
arp inside 192.168.2.12 0040.0543.bfc4 alias
arp inside 192.168.2.10 000d.619c.5715 alias
arp inside 192.168.7.8 0003.9988.3050 alias
arp inside 192.168.7.11 000c.71.3cf1 alias
arp inside 192.168.7.10 000f.ea13.4eb7 alias
arp inside 192.168.7.61 000d.884a.f2bf alias
arp inside 192.168.7.58 000f.ea21.de1b alias
arp inside 192.168.8.108 0004.0543.c046 alias
arp inside 192.168.7.30 0040.0513.2a5c alias
arp inside 192.168.8.109 000a.e420.6350 alias
arp inside 192.168.0.10 0040.0543.6a2c alias
arp inside 192.168.0.169 0050.ba11.76 alias
arp inside 192.168.5.35 0010.5a22.e60f alias
arp inside 192.168.5.34 000f.ea0f.3b96 alias
arp inside 192.168.0.188 000f.eafa.5d alias
arp inside 192.168.0.118 0010.5a22.d7d5 alias
arp inside 192.168.2.21 000f.eafa.5686 alias
arp inside 192.168.0.5 000d.619d.e900 alias
arp inside 192.168.2.11 000d.6193.be78 alias
arp inside 192.168.1.123 000f.eac9.e1f6 alias
arp inside 192.168.5.168 000f.eafb.55d4 alias
arp inside 192.168.0.199 0011.1124.098d alias
arp inside 192.168.0.249 000d.619d.e617 alias
arp inside 192.168.0.233 000f.ea66.17c6 alias
arp inside 192.168.0.182 000d.619c.5715 alias
arp inside 192.168.1.133 0014.8522.7827 alias
arp inside 192.168.0.201 0006.1bd3.68eb alias
arp inside 192.168.6.5 0002.2ef4.9713 alias
arp inside 192.168.1.243 000f.1fb0.dc4c alias
arp inside 192.168.0.161 0014.8580.9341 alias
arp inside 192.168.9.125 000f.3d81.6694 alias
arp inside 192.168.9.84 000f.ea0f.3b96 alias
arp inside 192.168.0.234 00c0.9fdf.48b5 alias
arp inside 192.168.9.201 0006.1bd3.68eb alias
arp inside 192.168.7.63 0014.8524.9545 alias
arp inside 192.168.9.168 0040.0547.0b8d alias
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.0.5 255.255.255.255 0 0
nat (inside) 1 192.168.0.14 255.255.255.255 0 0
nat (inside) 1 192.168.0.16 255.255.255.255 0 0
nat (inside) 1 192.168.0.56 255.255.255.255 0 0
nat (inside) 1 192.168.0.108 255.255.255.255 0 0
nat (inside) 1 192.168.0.118 255.255.255.255 0 0
nat (inside) 1 192.168.0.161 255.255.255.255 0 0
nat (inside) 1 192.168.0.169 255.255.255.255 0 0
nat (inside) 1 192.168.0.182 255.255.255.255 0 0
nat (inside) 1 192.168.0.188 255.255.255.255 0 0
nat (inside) 1 192.168.0.199 255.255.255.255 0 0
nat (inside) 1 192.168.0.201 255.255.255.255 0 0
nat (inside) 1 192.168.0.233 255.255.255.255 0 0
nat (inside) 1 192.168.0.234 255.255.255.255 0 0
nat (inside) 1 192.168.0.242 255.255.255.255 0 0
nat (inside) 1 192.168.0.249 255.255.255.255 0 0
nat (inside) 1 192.168.0.253 255.255.255.255 0 0
nat (inside) 1 192.168.1.34 255.255.255.255 0 0
nat (inside) 1 192.168.1.123 255.255.255.255 0 0
nat (inside) 1 192.168.1.133 255.255.255.255 0 0
nat (inside) 1 192.168.1.141 255.255.255.255 0 0
nat (inside) 1 192.168.1.225 255.255.255.255 0 0
nat (inside) 1 192.168.1.243 255.255.255.255 0 0
nat (inside) 1 192.168.1.253 255.255.255.255 0 0
nat (inside) 1 192.168.2.6 255.255.255.255 0 0
nat (inside) 1 192.168.2.11 255.255.255.255 0 0
nat (inside) 1 192.168.2.12 255.255.255.255 0 0
nat (inside) 1 192.168.2.18 255.255.255.255 0 0
nat (inside) 1 192.168.2.21 255.255.255.255 0 0
nat (inside) 1 192.168.5.27 255.255.255.255 0 0
nat (inside) 1 192.168.5.32 255.255.255.255 0 0
nat (inside) 1 192.168.5.34 255.255.255.255 0 0
nat (inside) 1 192.168.5.35 255.255.255.255 0 0
nat (inside) 1 192.168.5.168 255.255.255.255 0 0
nat (inside) 1 192.168.6.5 255.255.255.255 0 0
nat (inside) 1 192.168.7.8 255.255.255.255 0 0
nat (inside) 1 192.168.7.10 255.255.255.255 0 0
nat (inside) 1 192.168.7.11 255.255.255.255 0 0
nat (inside) 1 192.168.7.13 255.255.255.255 0 0
nat (inside) 1 192.168.7.18 255.255.255.255 0 0
nat (inside) 1 192.168.7.30 255.255.255.255 0 0
nat (inside) 1 192.168.7.57 255.255.255.255 0 0
nat (inside) 1 192.168.7.58 255.255.255.255 0 0
nat (inside) 1 192.168.7.60 255.255.255.255 0 0
nat (inside) 1 192.168.7.61 255.255.255.255 0 0
nat (inside) 1 192.168.7.63 255.255.255.255 0 0
nat (inside) 1 192.168.7. 255.255.255.255 0 0
nat (inside) 1 192.168.7.168 255.255.255.255 0 0
nat (inside) 1 192.168.8.108 255.255.255.255 0 0
nat (inside) 1 192.168.8.109 255.255.255.255 0 0
nat (inside) 1 192.168.8.153 255.255.255.255 0 0
nat (inside) 1 192.168.9.6 255.255.255.255 0 0
nat (inside) 1 192.168.9.9 255.255.255.255 0 0
nat (inside) 1 192.168.9.84 255.255.255.255 0 0
nat (inside) 1 192.168.9.125 255.255.255.255 0 0
nat (inside) 1 192.168.9.126 255.255.255.255 0 0
nat (inside) 1 192.168.9.145 255.255.255.255 0 0
nat (inside) 1 192.168.9.168 255.255.255.255 0 0
nat (inside) 1 192.168.9.201 255.255.255.255 0 0
nat (inside) 1 192.168.9.242 255.255.255.255 0 0
static (inside,outside) 61.142.114.180 192.168.0.7 netmask 255.255.255.255 0 0
static (inside,outside) 61.142.114.179 192.168.0.100 netmask 255.255.255.255 0 0
static (inside,outside) 61.142.114.181 192.168.0.251 netmask 255.255.255.255 0 0
static (inside,outside) 61.142.114.182 192.168.0.136 netmask 255.255.255.255 0 0
access-group acl-in in interface outside
access-group acl-out in interface inside
route outside 0.0.0.0 0.0.0.0 61.142.114.177 1
route inside 192.168.0.0 255.255.240.0 192.168.0.202 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.0.108 255.255.255.255 inside
telnet 192.168.0.188 255.255.255.255 inside
telnet 192.168.0.169 255.255.255.255 inside
telnet timeout 30
ssh timeout 5
console timeout 0
username computer password hhZS66xDnl.zVXQb encrypted privilege 2
terminal width 80
Cryptochecksum:ca453c5b679c44ffcac4a76f3e21910e
: end
pix515(config)#
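
PIX access lists are evaluated top-down and the first matching entry decides, so the order of the acl-out entries in the listing above matters. The following Python check is an added example, not part of the original notes: it parses the ACL subset used on this page and reports entries that an earlier entry in the same list already fully covers. The function names are this example's own, and SAMPLE is an excerpt copied from the listing above.

```python
import re

# PIX 6.3 ACL subset used on this page: access-list NAME permit|deny PROTO
# SRC DST [eq PORT], with SRC/DST written as "any" or "host A.B.C.D".
RULE = re.compile(r"access-list\s+(?P<acl>\S+)\s+(?P<action>permit|deny)\s+"
                  r"(?P<proto>\S+)\s+(?P<src>any|host\s+\S+)\s+"
                  r"(?P<dst>any|host\s+\S+)(?:\s+eq\s+(?P<port>\S+))?\s*$")

# Excerpt copied from the configuration listing on this page.
SAMPLE = """\
access-list acl-out permit ip any any
access-list acl-out permit tcp any host 61.142.114.180 eq pop3
access-list acl-out deny tcp any any eq 135
access-list acl-out deny tcp any any eq 445
access-list acl-out deny icmp any any
access-list acl-in deny icmp any any
access-list acl-in permit tcp any host 61.142.114.182 eq 1433
"""

def parse(config):
    """Return ACL entries in file order; other config lines are skipped."""
    matches = (RULE.match(line.strip()) for line in config.splitlines())
    return [m.groupdict() for m in matches if m]

def covers(a, b):
    """True if every packet that entry b matches is also matched by entry a."""
    return ((a["proto"] in ("ip", b["proto"]))
            and (a["src"] == "any" or a["src"].split() == b["src"].split())
            and (a["dst"] == "any" or a["dst"].split() == b["dst"].split())
            and (a["port"] is None or a["port"] == b["port"]))

def shadowed(rules):
    """Return (later, earlier) pairs where `later` can never be the first match."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier["acl"] == later["acl"] and covers(earlier, later):
                found.append((later, earlier))
                break
    return found

def dead_denies(rules):
    """Shadowed deny entries whose traffic an earlier permit lets through."""
    return [(l, e) for l, e in shadowed(rules)
            if l["action"] == "deny" and e["action"] == "permit"]

if __name__ == "__main__":
    for later, earlier in shadowed(parse(SAMPLE)):
        print(later["action"], later["proto"], later["port"], "<-", earlier["proto"])
```

On the excerpt, every acl-out entry after `permit ip any any` is reported, including the deny entries for ports 135 and 445 and for ICMP, which therefore never take effect. Port names and numbers are compared as text, so `www` and `80` count as different ports.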
10. Change the login password
pass (followed by the new password)
* Save after every operation.