WEB开发网
开发学院网络安全防火墙 配置Cisco PIX防火墙实现双出口 阅读

配置Cisco PIX防火墙实现双出口

 2007-09-17 12:11:57 来源:WEB开发网   
核心提示: B、定义Access-list 为作NAT准备access-list 101 permit ip 192.168.0.0 object-group wtnetwork#内部网络到网通IP网段的Access-listaccess-list 104 permit ip 192.168.0.0

B、定义Access-list 为作NAT准备

access-list 101 permit ip 192.168.0.0 object-group wtnetwork

#内部网络到网通IP网段的Access-list

access-list 104 permit ip 192.168.0.0 255.255.255.0 any

#内部网络到任何IP的Access-list

C、NAT配置

global (outside) 1 interface

#定义NAT ID 1为网通的出口ip

global (teloutside) 4 interface

#定义NAT ID 4为电信的出口ip

nat (inside) 1 access-list 101

#定义符合access-list 101(就是内部到网通IP网段)就转换成NAT ID 1的IP(网通的出口)

nat (inside) 5 access-list 105

#定义符合access-list 101(就是内部到网通IP网段)就转换成NAT ID 1的IP(网通的出口)

注意:nat (inside) 1 access-list 101一定要在nat (inside) 5 access-list 105前面。

D、Route路由配置

#####添加默认路由往电信的网关出去################
route teloutside 0.0.0.0 0.0.0.0 202.99.114.126 1
##################################################
#######添加静态路由往网通IP网段往网通的网关出去######
route outside 58.16.0.0 255.248.0.0 224.254.14.161
route outside 58.100.0.0 255.254.0.0 224.254.14.161
route outside 58.240.0.0 255.240.0.0 224.254.14.161
route outside 60.0.0.0 255.248.0.0 224.254.14.161
route outside 60.8.0.0 255.252.0.0 224.254.14.161
route outside 60.12.0.0 255.255.0.0 224.254.14.161
route outside 60.13.0.0 255.255.192.0 224.254.14.161
route outside 60.13.128.0 255.255.128.0 224.254.14.161
route outside 60.16.0.0 255.240.0.0 224.254.14.161
route outside 60.24.0.0 255.248.0.0 224.254.14.161
route outside 60.31.0.0 255.255.0.0 224.254.14.161
route outside 60.208.0.0 255.248.0.0 224.254.14.161
route outside 60.216.0.0 255.254.0.0 224.254.14.161
route outside 60.220.0.0 255.252.0.0 224.254.14.161
route outside 61.48.0.0 255.252.0.0 224.254.14.161
route outside 61.52.0.0 255.254.0.0 224.254.14.161
route outside 61.54.0.0 255.255.0.0 224.254.14.161
route outside 61.55.0.0 255.255.0.0 224.254.14.161
route outside 61.133.0.0 255.255.128.0 224.254.14.161
route outside 61.134.64.0 255.255.192.0 224.254.14.161
route outside 61.134.128.0 255.255.128.0 224.254.14.161
route outside 61.135.0.0 255.255.0.0 224.254.14.161
route outside 61.136.0.0 255.255.0.0 224.254.14.161
route outside 61.138.0.0 255.255.128.0 224.254.14.161
route outside 61.139.128.0 255.255.192.0 224.254.14.161
route outside 61.148.0.0 255.255.0.0 224.254.14.161
route outside 61.149.0.0 255.255.0.0 224.254.14.161
route outside 61.156.0.0 255.255.0.0 224.254.14.161
route outside 61.158.0.0 255.255.0.0 224.254.14.161
route outside 61.159.0.0 255.255.192.0 224.254.14.161
route outside 61.161.0.0 255.255.192.0 224.254.14.161
route outside 61.161.128.0 255.255.128.0 224.254.14.161
route outside 61.162.0.0 255.255.0.0 224.254.14.161
route outside 61.163.0.0 255.255.0.0 224.254.14.161
route outside 61.167.0.0 255.255.0.0 224.254.14.161
route outside 61.168.0.0 255.255.0.0 224.254.14.161
route outside 61.176.0.0 255.255.0.0 224.254.14.161
route outside 61.179.0.0 255.255.0.0 224.254.14.161
route outside 61.180.128.0 255.255.128.0 224.254.14.161
route outside 61.181.0.0 255.255.0.0 224.254.14.161
route outside 61.182.0.0 255.255.0.0 224.254.14.161
route outside 61.189.0.0 255.255.128.0 224.254.14.161
route outside 124.90.0.0 255.254.0.0 224.254.14.161
route outside 124.162.0.0 255.255.0.0 224.254.14.161
route outside 202.32.0.0 255.224.0.0 224.254.14.161
route outside 202.96.64.0 255.255.224.0 224.254.14.161
route outside 202.97.128.0 255.255.128.0 224.254.14.161
route outside 202.98.0.0 255.255.224.0 224.254.14.161
route outside 202.99.0.0 255.255.0.0 224.254.14.161
route outside 202.102.128.0 255.255.192.0 224.254.14.161
route outside 202.102.224.0 255.255.254.0 224.254.14.161
route outside 202.106.0.0 255.255.0.0 224.254.14.161
route outside 202.107.0.0 255.255.128.0 224.254.14.161
route outside 202.108.0.0 255.255.0.0 224.254.14.161
route outside 202.110.0.0 255.255.128.0 224.254.14.161
route outside 202.110.192.0 255.255.192.0 224.254.14.161
route outside 202.111.128.0 255.255.192.0 224.254.14.161
route outside 203.79.0.0 255.255.0.0 224.254.14.161
route outside 203.80.0.0 255.255.0.0 224.254.14.161
route outside 203.81.0.0 255.255.224.0 224.254.14.161
route outside 203.86.32.0 255.255.224.0 224.254.14.161
route outside 203.86.64.0 255.255.224.0 224.254.14.161
route outside 203.90.0.0 255.255.128.0 224.254.14.161
route outside 203.90.128.0 255.255.192.0 224.254.14.161
route outside 203.90.192.0 255.255.224.0 224.254.14.161
route outside 203.92.0.0 255.254.0.0 224.254.14.161
route outside 210.12.0.0 255.255.128.0 224.254.14.161
route outside 210.12.192.0 255.255.192.0 224.254.14.161
route outside 210.13.0.0 255.255.255.0 224.254.14.161
route outside 210.14.160.0 255.255.224.0 224.254.14.161
route outside 210.14.192.0 255.255.192.0 224.254.14.161
route outside 210.15.0.0 255.255.128.0 224.254.14.161
route outside 210.15.128.0 255.255.192.0 224.254.14.161
route outside 210.16.128.0 255.255.192.0 224.254.14.161
route outside 210.21.0.0 255.255.0.0 224.254.14.161
route outside 210.22.0.0 255.255.0.0 224.254.14.161
route outside 210.51.0.0 255.255.0.0 224.254.14.161
route outside 210.52.0.0 255.254.0.0 224.254.14.161
route outside 210.52.128.0 255.255.128.0 224.254.14.161
route outside 210.53.0.0 255.255.0.0 224.254.14.161
route outside 210.74.64.0 255.255.192.0 224.254.14.161
route outside 210.74.128.0 255.255.192.0 224.254.14.161
route outside 210.78.0.0 255.255.224.0 224.254.14.161
route outside 210.82.0.0 255.254.0.0 224.254.14.161
route outside 211.100.0.0 255.255.0.0 224.254.14.161
route outside 211.101.0.0 255.255.192.0 224.254.14.161
route outside 211.147.0.0 255.255.0.0 224.254.14.161
route outside 211.167.96.0 255.255.224.0 224.254.14.161
route outside 218.4.0.0 255.252.0.0 224.254.14.161
route outside 218.10.0.0 255.254.0.0 224.254.14.161
route outside 218.21.128.0 255.255.128.0 224.254.14.161
route outside 218.24.0.0 255.254.0.0 224.254.14.161
route outside 218.26.0.0 255.255.0.0 224.254.14.161
route outside 218.27.0.0 255.255.0.0 224.254.14.161
route outside 218.28.0.0 255.254.0.0 224.254.14.161
route outside 218.56.0.0 255.252.0.0 224.254.14.161
route outside 218.60.0.0 255.254.0.0 224.254.14.161
route outside 218.62.0.0 255.255.128.0 224.254.14.161
route outside 218.67.128.0 255.255.128.0 224.254.14.161
route outside 218.68.0.0 255.254.0.0 224.254.14.161
route outside 218.109.159.0 255.255.255.0 224.254.14.161
route outside 219.141.128.0 255.255.128.0 224.254.14.161
route outside 219.142.0.0 255.254.0.0 224.254.14.161
route outside 219.154.0.0 255.254.0.0 224.254.14.161
route outside 219.156.0.0 255.254.0.0 224.254.14.161
route outside 219.158.0.0 255.255.0.0 224.254.14.161
route outside 219.159.0.0 255.255.192.0 224.254.14.161
route outside 220.248.0.0 255.252.0.0 224.254.14.161
route outside 220.252.0.0 255.255.0.0 224.254.14.161
route outside 221.0.0.0 255.252.0.0 224.254.14.161
route outside 221.4.0.0 255.254.0.0 224.254.14.161
route outside 221.6.0.0 255.255.0.0 224.254.14.161
route outside 221.7.128.0 255.255.128.0 224.254.14.161
route outside 221.8.0.0 255.254.0.0 224.254.14.161
route outside 221.10.0.0 255.255.0.0 224.254.14.161
route outside 221.11.0.0 255.255.128.0 224.254.14.161
route outside 221.12.0.0 255.252.0.0 224.254.14.161
route outside 221.12.0.0 255.255.128.0 224.254.14.161
route outside 221.12.128.0 255.255.192.0 224.254.14.161
route outside 221.192.0.0 255.252.0.0 224.254.14.161
route outside 221.195.0.0 255.255.0.0 224.254.14.161
route outside 221.196.0.0 255.254.0.0 224.254.14.161
route outside 221.199.0.0 255.255.224.0 224.254.14.161
route outside 221.199.32.0 255.255.240.0 224.254.14.161
route outside 221.199.128.0 255.255.192.0 224.254.14.161
route outside 221.199.192.0 255.255.240.0 224.254.14.161
route outside 221.200.0.0 255.252.0.0 224.254.14.161
route outside 221.204.0.0 255.254.0.0 224.254.14.161
route outside 221.207.0.0 255.255.192.0 224.254.14.161
route outside 221.208.0.0 255.240.0.0 224.254.14.161
route outside 221.208.0.0 255.252.0.0 224.254.14.161
route outside 221.213.0.0 255.255.0.0 224.254.14.161
route outside 221.214.0.0 255.254.0.0 224.254.14.161
route outside 222.128.0.0 255.252.0.0 224.254.14.161
route outside 222.132.0.0 255.252.0.0 224.254.14.161
route outside 222.136.0.0 255.248.0.0 224.254.14.161
route outside 222.160.0.0 255.252.0.0 224.254.14.161
route outside 222.163.0.0 255.255.224.0 224.254.14.161
#备注:224.254.14.161为通往的网通的网关,##################

四、实现效果

目前国内的骨干网分为南、北两张网。南电信北网通,不通运营商之间的通讯都需要到骨干进行数据交换,因此网通的用户访问电信网站很慢而电信用户访问方位网通网站也很慢,因此对大型网络设置双出口可以使不同运营商之间网络访问速度得到改善,本文档是在这一背景下产生的需求。

上一页  1 2 

Tags:配置 Cisco PIX

编辑录入:爽爽 [复制链接] [打 印]
更多精彩
赞助商链接

热点阅读
焦点图片
最新推荐
精彩阅读