
Исходное сообщение
"Доступ к FTP через PIX"
Отправлено snatch, 25-Мрт-09 08:56 
Вот вся конфига, не работает...
канал адсл, арендуем 8 айпишников, ходим на внешний мир через этот 212.58.144.118 (условный)

: PIX 6.3(5) configuration as posted for review. Values shown as x's were
: redacted by the author; per the post, 212.58.144.118 is a placeholder.
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
interface ethernet4 auto
interface ethernet5 auto
: Security levels: inside 100; dmz-qw 50, dmz-smtp 40, dmz-web 30;
: outside and outside1 are both 0 (outside1 carries the default route below).
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 outside1 security0
nameif ethernet3 dmz-qw security50
nameif ethernet4 dmz-smtp security40
nameif ethernet5 dmz-web security30
enable password xxxxxxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxxxxxx encrypted
hostname xxxxx
domain-name xxxxxxxxxxxxxxxxx.xxx
: Protocol inspection (fixups). The ftp fixup on port 21 is needed for the
: FTP data channel to pass through the FTP statics further down.
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names        
: Host aliases used by the ACLs and statics below.
name 192.168.11.2 qw
name 192.168.10.2 smtp-server
name 192.168.1.2 pdc
name 192.168.12.2 web
name 192.168.1.4 proxy
: acl_dmz-smtp - bound "in" on dmz-smtp (see access-group below): filters
: traffic that originates on the dmz-smtp segment.
access-list acl_dmz-smtp permit tcp host smtp-server host 192.168.10.3 eq smtp
access-list acl_dmz-smtp permit udp host smtp-server any eq domain
access-list acl_dmz-smtp permit tcp host smtp-server any eq smtp
: acl_outbound - bound "in" on inside: filters traffic leaving the LAN.
: PIX ACLs are evaluated top-down; the first matching line wins.
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host 10.0.1.5 eq 3128
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 any eq domain
access-list acl_outbound permit udp 192.168.1.0 255.255.255.0 any eq domain
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host 10.21.8.3 eq 3128
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host qw eq www
access-list acl_outbound permit tcp host pdc host smtp-server eq smtp
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host smtp-server eq 8003
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 any eq ssh
access-list acl_outbound permit icmp 192.168.1.0 255.255.255.0 any echo
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq www
access-list acl_outbound permit tcp host pdc any
access-list acl_outbound permit tcp host proxy any
access-list acl_outbound permit tcp host pdc host 212.58.96.15 eq smtp
access-list acl_outbound permit tcp host pdc host 212.58.96.15 eq pop3
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 5222
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 5223
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 5269
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 9090
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 9091
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 10051
access-list acl_outbound permit ip host 192.168.1.160 host 10.21.4.9
access-list acl_outbound permit ip host 192.168.1.11 any
access-list acl_outbound permit ip host 192.168.1.247 host web
access-list acl_outbound permit ip host 192.168.1.13 any
access-list acl_outbound permit ip host 192.168.1.88 host qw
access-list acl_outbound permit ip host 192.168.1.250 any
access-list acl_outbound permit ip host 192.168.1.77 host qw
: NOTE(review): this deny-all terminates the ACL; the permit on the next
: line can never match (and "web" is a dmz-web host, not an inside one).
access-list acl_outbound deny ip any any
access-list acl_outbound permit tcp host web any
: acl_inbound - bound "in" on BOTH outside and outside1 (see access-group).
: The ICMP lines admit replies to the PAT address 10.21.8.11 (global below).
access-list acl_inbound permit tcp any host 10.21.8.2 eq smtp
access-list acl_inbound permit icmp any host 10.21.8.11 echo-reply
access-list acl_inbound permit icmp any host 10.21.8.11 source-quench
access-list acl_inbound permit icmp any host 10.21.8.11 unreachable
access-list acl_inbound permit icmp any host 10.21.8.11 time-exceeded
: NOTE(review): the FTP permit on the last line sits below "deny ip any any",
: so inbound FTP to 212.58.144.114 is denied before it is ever evaluated -
: most likely the reported failure. Move it above the deny lines if intended.
access-list acl_inbound deny icmp any any
access-list acl_inbound deny ip any any
access-list acl_inbound permit tcp any host 212.58.144.114 eq ftp
: acl_inbound_adsl is not referenced by any access-group in this listing,
: so as posted it has no effect.
access-list acl_inbound_adsl permit tcp any host 212.58.144.115 eq www
access-list acl_inbound_adsl deny icmp any any
access-list acl_inbound_adsl deny ip any any
: acl_dmz-web - bound "in" on dmz-web: filters traffic originating on the
: dmz-web segment (the "web" host).
access-list acl_dmz-web permit tcp host web host 192.168.12.3 eq ldap
access-list acl_dmz-web permit udp host web any eq domain
access-list acl_dmz-web permit tcp host web any eq www
access-list acl_dmz-web permit tcp host web any eq ftp
access-list acl_dmz-web permit tcp host web host 192.168.12.3 eq 10050
: NOTE(review): these three lines permit FTP *from* dmz-web toward the listed
: addresses; they do not admit outside clients to the FTP server. Inbound FTP
: from outside/outside1 is governed by acl_inbound above.
access-list acl_dmz-web permit tcp any host 212.58.144.118 eq ftp
access-list acl_dmz-web permit tcp any host 212.58.144.115 eq ftp
access-list acl_dmz-web permit tcp any host web eq ftp
pager lines 24
mtu outside 1500
mtu inside 1500
mtu outside1 1500
mtu dmz-qw 1500
mtu dmz-smtp 1500
mtu dmz-web 1500
: Interface addressing. outside1 (212.58.144.114/29) is the rented block from
: the post; the same address is reused by the dmz-web,outside1 static below.
ip address outside 10.21.8.254 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip address outside1 212.58.144.114 255.255.255.248
ip address dmz-qw 192.168.11.1 255.255.255.0
ip address dmz-smtp 192.168.10.1 255.255.255.0
ip address dmz-web 192.168.12.1 255.255.255.0
: IDS signatures only alarm; nothing is dropped.
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address outside1
no failover ip address dmz-qw
no failover ip address dmz-smtp
no failover ip address dmz-web
pdm logging informational 100
pdm history enable
arp timeout 14400
: Address pools for NAT id 1, one per egress interface.
global (outside) 1 10.21.8.11
global (outside) 1 interface
global (outside1) 1 212.58.144.118
global (dmz-qw) 1 192.168.11.10-192.168.11.20
global (dmz-smtp) 1 192.168.10.10-192.168.10.20
global (dmz-web) 1 192.168.12.10-192.168.12.100
: NOTE(review): the first and third nat (inside) lines list "web" and
: 192.168.12.0/24 - dmz-web addresses - under the inside interface;
: presumably leftovers, confirm they are intended.
nat (inside) 1 web 255.255.255.255 0 0
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 1 192.168.12.0 255.255.255.0 0 0
nat (dmz-qw) 1 192.168.11.0 255.255.255.0 0 0
nat (dmz-smtp) 1 192.168.10.0 255.255.255.0 0 0
nat (dmz-web) 1 192.168.12.0 255.255.255.0 0 0
: Port redirection of tcp/21 on the inside and outside interface addresses
: to web (192.168.12.2, behind dmz-web).
static (dmz-web,inside) tcp interface ftp web ftp netmask 255.255.255.255 0 0
static (dmz-web,outside) tcp interface ftp web ftp netmask 255.255.255.255 0 0
: NOTE(review): this line names inside as the real interface for web, but
: web sits behind dmz-web (see "ip address dmz-web" above); the previous
: dmz-web,outside static already covers that pair - confirm it is intended.
static (inside,outside) tcp interface ftp web ftp netmask 255.255.255.255 0 0
static (dmz-smtp,outside) 10.21.8.2 smtp-server netmask 255.255.255.255 0 0
static (inside,dmz-smtp) 192.168.10.3 pdc netmask 255.255.255.255 0 0
static (inside,dmz-web) 192.168.12.3 pdc netmask 255.255.255.255 0 0
: NOTE(review): one-to-one static to 212.58.144.114, which is the outside1
: interface's own address; a static to the interface address normally needs
: the "interface" keyword (port redirection) - confirm this line is accepted,
: and whether 212.58.144.115 (used in other ACL lines) was meant instead.
static (dmz-web,outside1) 212.58.144.114 web netmask 255.255.255.255 0 0
: ACL bindings; acl_inbound is shared by outside and outside1.
access-group acl_inbound in interface outside
access-group acl_outbound in interface inside
access-group acl_inbound in interface outside1
access-group acl_dmz-smtp in interface dmz-smtp
access-group acl_dmz-web in interface dmz-web
: Default route via the outside1 (ADSL) gateway; 10/8 via outside.
route outside1 0.0.0.0 0.0.0.0 212.58.144.113 1
route outside 10.0.0.0 255.0.0.0 10.21.8.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
: PDM management reachable from the inside LAN only.
http server enable
http 192.168.1.0 255.255.255.0 inside
: NOTE(review): "public" is the well-known default community string; set a
: non-default one or remove SNMP entirely if it is not used.
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
: Telnet (cleartext) allowed from 192.168.1.0/24 on inside and all three dmz
: interfaces. No "ssh <addr> <mask> <if>" line appears in this listing, so
: SSH clients would not be admitted even though its timeout is set.
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 dmz-qw
telnet 192.168.1.0 255.255.255.0 dmz-smtp
telnet 192.168.1.0 255.255.255.0 dmz-web
telnet timeout 10
ssh timeout 10
: 0 = console session never times out.
console timeout 0
dhcpd address 192.168.1.100-192.168.1.200 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username admin password xxxxxxxxxxxxxxxxxxx encrypted privilege 2
privilege show level 5 command alias
terminal width 80
Cryptochecksum: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
: end


 
