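How to configure routed mode on the Cisco FWSM
Cisco is widely recognized as a leading vendor of network interconnection solutions, and its routers are used around the world. So do you know how to configure routed mode on the Cisco FWSM? Below is some material the Xuexila editor has compiled on configuring routed mode on the Cisco FWSM, for your reference.
Configuring routed mode on the Cisco FWSM:
The scenario is as follows: there are two interfaces, with outside facing the WAN and the inside port on the LAN, and OSPF is run as the routing protocol. The LAN servers and ports that should be reachable from the WAN are opened; any other access is not allowed. This scenario is fairly simple and can be extended later, for example with a server zone.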
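Added example (not part of the original article and not Cisco tooling): a small Python check of ACL entries against the intent stated above, that only the servers and ports that must be reachable are opened. It flags permit entries whose source and destination are both any, and narrower entries that a broader permit in the same list already allows. The function names are made up for this example, and the sample lines are copied from the configuration listing that follows.

```python
# Constructed sample: entries copied from this page's listing (all permits; X.Y as on the page).
ACL = """\
access-list acl-in extended permit ip any any
access-list SHJT_to_SDDL extended permit tcp any any eq telnet
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.32 eq www
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq www
access-list SHJT_to_SDDL extended permit udp any host X.Y.128.32 eq domain
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.32
"""

def take_addr(tok):  # pop one address spec -> (network, mask)
    first = tok.pop(0)
    if first == "any":
        return ("0.0.0.0", "0.0.0.0")
    if first == "host":
        return (tok.pop(0), "255.255.255.255")
    return (first, tok.pop(0))

def parse(line):
    tok = line.split()
    rest = tok[5:]  # everything after the protocol keyword
    return {"acl": tok[1], "proto": tok[4], "line": line,
            "src": take_addr(rest), "dst": take_addr(rest),
            "ports": " ".join(rest)}  # "" means all ports

def addr_covers(wide, narrow):  # octet-wise; only masks built from 255/0 octets
    (wn, wm), (nn, nm) = wide, narrow
    for w, m, n, k in zip(wn.split("."), wm.split("."), nn.split("."), nm.split(".")):
        if m != "0" and (k != "255" or w != n):
            return False
    return True

def covers(a, b):  # does permit `a` already allow everything permit `b` allows?
    return (a["acl"] == b["acl"] and a["proto"] in ("ip", b["proto"])
            and a["ports"] in ("", b["ports"])
            and addr_covers(a["src"], b["src"]) and addr_covers(a["dst"], b["dst"]))

def audit(text):
    rules = [parse(l) for l in text.splitlines() if " extended permit " in l]
    findings = []
    for i, r in enumerate(rules):
        if r["src"][1] == r["dst"][1] == "0.0.0.0":
            findings.append(("any-any", r["line"]))
        if any(covers(o, r) and (j < i or not covers(r, o))
               for j, o in enumerate(rules) if j != i):
            findings.append(("covered", r["line"]))
    return findings

print(*audit(ACL), sep="\n")
```

A "covered" finding means the port restriction on that entry has no effect, because a broader permit in the same list already admits the same traffic.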
sh run
: Saved
:
FWSM Version 3.2(2)
!
hostname SDDL-Internal-FW
domain-name sddl.com
enable password Z1UFjQZdKfrZkYLf encrypted
names
!
interface Vlan254
nameif outside
security-level 0
ip address X.Y.254.254 255.255.255.252
ospf hello-interval 1
ospf dead-interval 3
!
interface Vlan2254
nameif Internal
security-level 99
ip address X.Y.254.1 255.255.255.252
ospf hello-interval 1
ospf dead-interval 3
!
passwd Z1UFjQZdKfrZkYLf encrypted
ftp mode passive
access-list acl-in extended permit ip any any
access-list SHJT_to_SDDL extended permit tcp any any eq telnet
access-list SHJT_to_SDDL extended permit icmp any any
access-list SHJT_to_SDDL extended permit ospf any any
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.32 eq www
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq 3389
access-list SHJT_to_SDDL extended permit tcp any host X.Y.1.13 eq lotusnotes
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.60 eq www
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.60 eq 8080
access-list SHJT_to_SDDL extended permit tcp 10.36.0.0 255.255.0.0 host X.Y.128.60 range 1976 1982
access-list SHJT_to_SDDL extended permit tcp 10.229.160.0 255.255.255.0 host X.Y.128.60 range 1976 1982
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq pop3
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq smtp
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq www
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq imap4
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq 63148
access-list SHJT_to_SDDL extended permit udp any X.Y.128.0 255.255.255.0 eq 63148
access-list SHJT_to_SDDL extended permit udp any X.Y.128.0 255.255.255.0 eq 143
access-list SHJT_to_SDDL extended permit udp any X.Y.128.0 255.255.255.0 eq 389
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq https
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.37 eq 8000
access-list SHJT_to_SDDL extended permit udp any host X.Y.128.37 eq 8000
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.37 eq 7000
access-list SHJT_to_SDDL extended permit udp any host X.Y.128.37 eq 7000
access-list SHJT_to_SDDL extended permit udp any host X.Y.128.38 eq 7000
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.38 eq 7000
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.50 eq 8080
access-list SHJT_to_SDDL extended permit udp any host X.Y.128.32 eq domain
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.45
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.39
access-list SHJT_to_SDDL extended permit ip any host X.Y.1.12
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.42
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.37
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.46
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.44
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.32
access-list SHJT_to_SDDL extended permit tcp 10.228.0.0 255.255.0.0 host X.Y.128.60 range 1976 1982
access-list SHJT_to_SDDL extended permit tcp 10.227.160.0 255.255.255.0 host X.Y.128.60 range 1976 1982
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu Internal 1500
ip verify reverse-path interface outside
ip verify reverse-path interface Internal
no failover
failover lan unit secondary
icmp permit any outside