二、按照图1装上防火墙。
将从路由器到交换机上的线,改为先从路由器到防火墙,然后用防火墙的E0口接交换机。
图3
进入路由器配置模式修改,将路由器的配置改为:
Using 942 out of 7506 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable secret 5 $1$FreK$4oQGtvDEF1jv8dh3NNXnN0
enable password 123455676!
!
ip subnet-zero
!
crypto ipsec transform-set test esp-des esp-md5-hmac
!
crypto map vpnmap 1 ipsec-isakmp
! Incompleteset transform-set test
match address 100
interface Ethernet0
ip address 211.97.213.41 255.255.255.248
interface Ethernet1
no ip address
ip nat inside
no ip route-cache
no ip mroute-cache
shutdown
!
!
interface Serial0
description internet
bandwidth 2048
ip address 211.97.209.145 255.255.255.252
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip http server
!
route-map nonat permit 10
match ip address 110
!
!
line con 0
transport input none
line vty 0 4
password 123456
login
!
end
三、这时候,你可以配置你的防火墙了,以下是防火墙的配置情况:
PIX Version 5.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 pix/intf2 security10
hostname imrac_c_pix
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
no names
access-list 100 permit ip 192.168.1.1 255.255.255.0 192.168.0.0 255.255.255.0
access-list 100 permit ip 192.168.1.1 255.255.255.0 192.100.0.0 255.255.255.0
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
no logging buffered
no logging trap
logging facility 20
logging queue 512
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
mtu outside 1500
mtu inside 1500
mtu pix/intf2 1500
ip address outside 211.97.213.44 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip address pix/intf2 127.0.0.1 255.255.255.255
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address pix/intf2 0.0.0.0
arp timeout 14400
global (outside) 1 211.97.213.45 netmask 255.255.255.248
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 211.97.213.41 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set trans esp-des esp-md5-hmac
crypto map vpnmap 40 ipsec-isakmp
crypto map vpnmap 40 match address 100
crypto map vpnmap 40 set transform-set trans
crypto map vpnmap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
telnet 192.168.1.88 255.255.255.255 inside
telnet timeout 5
terminal width 80
Cryptochecksum:7fd10854228b7e32b2808508f49a65a7
我们一直都在努力坚持原创.......请不要一声不吭,就悄悄拿走。
我原创,你原创,我们的内容世界才会更加精彩!
【所有原创内容版权均属TechTarget,欢迎大家转发分享。但未经授权,严禁任何媒体(平面媒体、网络媒体、自媒体等)以及微信公众号复制、转载、摘编或以其他方式进行使用。】
微信公众号
TechTarget
官方微博
TechTarget中国
相关推荐
-
思科通过收购Duo来增强云安全性
思科宣布以23.5亿美元收购Duo Security公司,此次收购将为该网络公司的云安全产品组合增添了两步身份 […]
-
Accenture公司的Tammy Moskites探讨CISO职位变化
首席信息安全官(CISO)职位仍在不断发展和成熟,对于这些变化,或许没有人比Tammy Moskites更有话 […]
-
企业没有从过往网络安全事件中吸取教训
根据Pluralsight作家同时也是安全专家Troy Hunt表示,反复发生的网络安全事件表明企业仍然在基础 […]
-
微软公司提供IE浏览器零日“双杀”漏洞补丁
微软公司2018年五月份的周二补丁日提供了IE浏览器零日漏洞补丁修复,该漏洞上个月已经被外部攻击者利用。(译注 […]