思科防火墙配置（CISCO firewall configuration）.doc

思科防火墙配置（CISCO firewall configuration） Reprint a: learn CISCO firewall configuration Connect the blue line with the COM port to the terminal and the firewall Go back directly, and set the password required by telnet in the following words. (control firewalls on machines on the network) ENA pass Cisco Machines in local area networks: Run telnet Enter password: Cisco Pix506E en carriage return Password:******** (my password) Pix506E sh run (# display firewall) Pix506E conf t # Pix506Econfig # (and then you can edit in this inside) Whats often used is..: Binding of /*IP and MAC. ARP, inside, 6, 0016.1730.9442, alias ARP, inside, 6, 0017.316a.e5e8, alias ARP, inside, 0, 0017.316a.e140, alias Should allow access to the network IP, the other IP can access. Access-list 110, permit, IP, host, 6, any Access-list 110, permit, IP, host, 6, any Access-list 110, permit, IP, host, 0, any Access-list 110, deny, IP, any, any Access-group 110, in, interface, inside * (is not the beginning of my factory configuration from here). The basic configuration of /*pix. Interface eth0 100full Interface eth1 100full Interface eth2 100full Interface eth3 100full NameIf eth0 outside security0 NameIf eth1 inside security100 NameIf eth2 DMZ security50 NameIf eth3 server security40 Hostname PIX515E Domain-name IP, add, inside, , IP, add, outside, 39, 48 IP, add, DMZ, , Global (outside) 1 interface NAT (inside) 1 00 NAT (DMZ) 1 00 Route outside 37 1 / * DHCP*/ configuration Dhcpd add -53 inside Dhcpd DNS 97 01 Dhcpd enable inside / * * / configuration address mapping Static (DMZ, outside), 34, , netmask, 55, 00 Conduit, permit, TCP, host, 34, EQ, SMTP, any Conduit, permit, TCP, host, 34, EQ, 110, any Static (inside, outside), 32, 4, netmask, 55, 00 Conduit, permit, UDP, host, 32, EQ, 1721-1724, any (this is my factory) the configuration of the mail server Static (inside, outside), TCP, 4, POP3, 0, POP3, netmask, 55, Static (inside, outside), TCP, 4, SMTP, 0, SMTP, netmask, 55, Three permi