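The services on 192.168.100.5 and 192.168.100.6 cannot be reached from the external network. This is my first time working with a PIX, so please help me out, experts!! Thanks in advance!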
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password kq8VjfQOgHWNjFvy encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix535
domain-name www.cisco.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit icmp any any
access-list 101 permit tcp any host 202.106.89.172 eq www
access-list 101 permit tcp any host 202.106.89.172 eq smtp
access-list 101 permit tcp any host 202.106.89.172 eq pop3
access-list 101 permit tcp any host 202.106.89.172 eq ftp
access-list 101 permit tcp any host 202.106.89.172 eq telnet
access-list 101 permit tcp any host 202.106.89.172 eq 24
access-list 101 permit tcp any host 202.106.89.172 eq ssh
access-list 101 permit tcp any host 202.106.89.172 eq 8080
access-list 101 permit tcp any host 202.106.89.172 eq 1433
access-list 101 permit tcp any host 202.106.89.172 eq 9002
access-list 101 permit tcp any host 202.106.89.172 eq 8017
access-list 101 permit tcp any host 202.106.89.172 eq 8014
access-list 101 permit tcp any host 202.106.89.172 eq 2332
access-list 101 permit tcp any host 202.106.89.172 eq 8800
access-list 101 permit tcp any host 202.106.89.172 eq 4899
access-list 101 permit tcp any host 202.106.89.172 eq 9988
access-list 101 permit tcp any host 202.106.89.172 eq 8088
access-list 101 permit tcp any host 202.106.89.171 eq 7879
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 202.106.89.172 255.255.255.248
ip address inside 192.168.100.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface www 192.168.100.5 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 1433 192.168.100.5 1433 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 9002 192.168.100.5 9002 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8017 192.168.100.5 8017 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8014 192.168.100.5 8014 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 2332 192.168.100.5 2332 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 4899 192.168.100.5 4899 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8800 192.168.100.5 8800 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8088 192.168.100.6 8088 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 9988 192.168.100.6 9988 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8080 192.168.100.6 8080 netmask 255.255.255.255 0 0
static (inside,outside) 202.106.89.171 192.168.100.7 netmask 255.255.255.255 0 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 202.106.89.174 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
terminal width 80
Cryptochecksum:e8545ace997b34879ff1631c95f20518
: end