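Вот вся конфига, не работает... канал адсл, арендуем 8 айпишников, ходим на внешний мир через этот 212.58.144.118(условный)

: Reviewed PIX 6.3(5) configuration, one command per line. Lines starting with ':' are
: PIX comments and are ignored when the config is pasted back. Changes against the
: posted config are marked "CHANGED" and explained inline; everything else is untouched.
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
interface ethernet4 auto
interface ethernet5 auto
: Two security0 interfaces: "outside" (10.21.8.0/24 uplink) and "outside1" (ADSL, /29).
: PIX 6.3 never forwards between interfaces of equal security level, so no outside<->outside1 leakage.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 outside1 security0
nameif ethernet3 dmz-qw security50
nameif ethernet4 dmz-smtp security40
nameif ethernet5 dmz-web security30
enable password xxxxxxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxxxxxx encrypted
hostname xxxxx
domain-name xxxxxxxxxxxxxxxxx.xxx
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.11.2 qw
name 192.168.10.2 smtp-server
name 192.168.1.2 pdc
name 192.168.12.2 web
name 192.168.1.4 proxy
: --- dmz-smtp (inbound on dmz-smtp): relay may talk SMTP to pdc's static (192.168.10.3) and to the world, plus DNS.
access-list acl_dmz-smtp permit tcp host smtp-server host 192.168.10.3 eq smtp
access-list acl_dmz-smtp permit udp host smtp-server any eq domain
access-list acl_dmz-smtp permit tcp host smtp-server any eq smtp
: --- inside (inbound on inside): LAN egress policy.
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host 10.0.1.5 eq 3128
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 any eq domain
access-list acl_outbound permit udp 192.168.1.0 255.255.255.0 any eq domain
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host 10.21.8.3 eq 3128
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host qw eq www
access-list acl_outbound permit tcp host pdc host smtp-server eq smtp
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host smtp-server eq 8003
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 any eq ssh
access-list acl_outbound permit icmp 192.168.1.0 255.255.255.0 any echo
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq www
: pdc and proxy get unrestricted outbound TCP; the per-host "permit ip ... any" lines below are broader still.
access-list acl_outbound permit tcp host pdc any
access-list acl_outbound permit tcp host proxy any
access-list acl_outbound permit tcp host pdc host 212.58.96.15 eq smtp
access-list acl_outbound permit tcp host pdc host 212.58.96.15 eq pop3
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 5222
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 5223
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 5269
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 9090
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 9091
access-list acl_outbound permit tcp 192.168.1.0 255.255.255.0 host web eq 10051
access-list acl_outbound permit ip host 192.168.1.160 host 10.21.4.9
access-list acl_outbound permit ip host 192.168.1.11 any
access-list acl_outbound permit ip host 192.168.1.247 host web
access-list acl_outbound permit ip host 192.168.1.13 any
access-list acl_outbound permit ip host 192.168.1.88 host qw
access-list acl_outbound permit ip host 192.168.1.250 any
access-list acl_outbound permit ip host 192.168.1.77 host qw
: CHANGED: this entry was listed AFTER "deny ip any any" and so could never match (PIX
: evaluates ACEs in order, first match wins). Moved above the deny. Note "web" is
: 192.168.12.2 on dmz-web, so as a source on the inside interface it only matches spoofed
: packets -- likely a leftover, candidate for removal.
access-list acl_outbound permit tcp host web any
access-list acl_outbound deny ip any any
: --- outside (inbound on outside): 10.21.8.2 is the smtp-server static, 10.21.8.11 the PAT address.
: ICMP replies to the PAT address are permitted explicitly because 6.3 does not track ICMP statefully.
access-list acl_inbound permit tcp any host 10.21.8.2 eq smtp
access-list acl_inbound permit icmp any host 10.21.8.11 echo-reply
access-list acl_inbound permit icmp any host 10.21.8.11 source-quench
access-list acl_inbound permit icmp any host 10.21.8.11 unreachable
access-list acl_inbound permit icmp any host 10.21.8.11 time-exceeded
access-list acl_inbound deny icmp any any
access-list acl_inbound deny ip any any
: CHANGED: "access-list acl_inbound permit tcp any host 212.58.144.114 eq ftp" was here,
: after the deny (unreachable) and aimed at 212.58.144.114, which is the outside1 interface
: address itself. It is re-homed into acl_inbound_adsl below.
: --- outside1 / ADSL (inbound on outside1).
access-list acl_inbound_adsl permit tcp any host 212.58.144.115 eq www
: CHANGED (assumed intent): FTP to the web server on its public address 212.58.144.115,
: matching the static below; replaces the dead .114 entry noted above.
access-list acl_inbound_adsl permit tcp any host 212.58.144.115 eq ftp
: CHANGED: same ICMP return-traffic allowances as on "outside", but for the ADSL PAT address
: 212.58.144.118. Without these, ping from the LAN out via ADSL gets no echo-reply back,
: which is a likely cause of "doesn't work" when tested with ping.
access-list acl_inbound_adsl permit icmp any host 212.58.144.118 echo-reply
access-list acl_inbound_adsl permit icmp any host 212.58.144.118 source-quench
access-list acl_inbound_adsl permit icmp any host 212.58.144.118 unreachable
access-list acl_inbound_adsl permit icmp any host 212.58.144.118 time-exceeded
access-list acl_inbound_adsl deny icmp any any
access-list acl_inbound_adsl deny ip any any
: --- dmz-web (inbound on dmz-web): what the web server may initiate.
access-list acl_dmz-web permit tcp host web host 192.168.12.3 eq ldap
access-list acl_dmz-web permit udp host web any eq domain
access-list acl_dmz-web permit tcp host web any eq www
access-list acl_dmz-web permit tcp host web any eq ftp
access-list acl_dmz-web permit tcp host web host 192.168.12.3 eq 10050
: NOTE(review): the next three entries sit on the dmz-web INBOUND ACL, i.e. they describe
: traffic sourced from dmz-web. "any" -> 212.58.144.118 (the PAT address) and "any" -> web
: (the host itself) cannot match real traffic here; they look like misplaced attempts to
: publish FTP, which is done by the static + outside1 ACL instead. Kept as-is pending confirmation.
access-list acl_dmz-web permit tcp any host 212.58.144.118 eq ftp
access-list acl_dmz-web permit tcp any host 212.58.144.115 eq ftp
access-list acl_dmz-web permit tcp any host web eq ftp
pager lines 24
mtu outside 1500
mtu inside 1500
mtu outside1 1500
mtu dmz-qw 1500
mtu dmz-smtp 1500
mtu dmz-web 1500
ip address outside 10.21.8.254 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
: /29 on ADSL: .113 is the provider gateway, .114 this interface, .115 and .118 are used below.
ip address outside1 212.58.144.114 255.255.255.248
ip address dmz-qw 192.168.11.1 255.255.255.0
ip address dmz-smtp 192.168.10.1 255.255.255.0
ip address dmz-web 192.168.12.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address outside1
no failover ip address dmz-qw
no failover ip address dmz-smtp
no failover ip address dmz-web
pdm logging informational 100
pdm history enable
arp timeout 14400
: --- NAT. All sources use pool id 1; the global chosen depends on the egress interface.
global (outside) 1 10.21.8.11
global (outside) 1 interface
global (outside1) 1 212.58.144.118
global (dmz-qw) 1 192.168.11.10-192.168.11.20
global (dmz-smtp) 1 192.168.10.10-192.168.10.20
global (dmz-web) 1 192.168.12.10-192.168.12.100
: NOTE(review): "web" and 192.168.12.0/24 live on dmz-web, not inside; the two nat (inside)
: entries for them never match inside-sourced traffic and look like leftovers. Left in place.
nat (inside) 1 web 255.255.255.255 0 0
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
nat (inside) 1 192.168.12.0 255.255.255.0 0 0
nat (dmz-qw) 1 192.168.11.0 255.255.255.0 0 0
nat (dmz-smtp) 1 192.168.10.0 255.255.255.0 0 0
nat (dmz-web) 1 192.168.12.0 255.255.255.0 0 0
: Port-statics publishing FTP on the interface address of inside and outside -> web.
static (dmz-web,inside) tcp interface ftp web ftp netmask 255.255.255.255 0 0
static (dmz-web,outside) tcp interface ftp web ftp netmask 255.255.255.255 0 0
: CHANGED: removed "static (inside,outside) tcp interface ftp web ftp netmask 255.255.255.255 0 0".
: It claimed the same mapped outside:ftp already used by the dmz-web static above, and "web"
: is not an inside host, so at best the PIX rejected it as a duplicate.
static (dmz-smtp,outside) 10.21.8.2 smtp-server netmask 255.255.255.255 0 0
static (inside,dmz-smtp) 192.168.10.3 pdc netmask 255.255.255.255 0 0
static (inside,dmz-web) 192.168.12.3 pdc netmask 255.255.255.255 0 0
: CHANGED: was "static (dmz-web,outside1) 212.58.144.114 web ...". 212.58.144.114 is the
: outside1 interface's own address and cannot be a one-to-one static mapping (only a
: port-static with the "interface" keyword can use it). 212.58.144.115 is the address the
: ADSL inbound ACL already permits www to, so that is assumed to be the intended public IP.
static (dmz-web,outside1) 212.58.144.115 web netmask 255.255.255.255 0 0
access-group acl_inbound in interface outside
access-group acl_outbound in interface inside
: CHANGED: acl_inbound_adsl was defined but never bound, while acl_inbound (which only
: references outside's 10.21.8.x addresses) was bound to outside1 as well.
access-group acl_inbound_adsl in interface outside1
access-group acl_dmz-smtp in interface dmz-smtp
access-group acl_dmz-web in interface dmz-web
: Default route via ADSL; 10.0.0.0/8 via the other uplink.
route outside1 0.0.0.0 0.0.0.0 212.58.144.113 1
route outside 10.0.0.0 255.0.0.0 10.21.8.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
: PDM (HTTPS) reachable from the LAN only.
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
: NOTE(review): default community string. No "snmp-server host" is configured, so polling is
: not accepted, but replace "public" with a non-default value before ever enabling a host.
snmp-server community public
no snmp-server enable traps
floodguard enable
: NOTE(review): telnet is cleartext. The dmz-* entries allow 192.168.1.0/24 sources arriving on
: the DMZ interfaces, which can only be spoofed packets -- consider dropping them and moving
: management to SSH (needs an RSA key plus "ssh <net> <mask> inside").
telnet 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 dmz-qw
telnet 192.168.1.0 255.255.255.0 dmz-smtp
telnet 192.168.1.0 255.255.255.0 dmz-web
telnet timeout 10
ssh timeout 10
: Console sessions never time out.
console timeout 0
dhcpd address 192.168.1.100-192.168.1.200 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username admin password xxxxxxxxxxxxxxxxxxx encrypted privilege 2
privilege show level 5 command alias
terminal width 80
: Checksum is recomputed by the PIX on write; the posted value is stale after any edit.
Cryptochecksum: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
: end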