关于PIX的配置及注解

核心提示： conduit permit tcp host 10.1.1.12 anyconduit permit tcp host 10.1.1.29 any设置管道：允许任何地址对全局地址进行TCP协议的访问conduit permit icmp 192.168.99.0 255.255.255.

conduit permit tcp host 10.1.1.12 any

conduit permit tcp host 10.1.1.29 any

设置管道：允许任何地址对全局地址进行TCP协议的访问

conduit permit icmp 192.168.99.0 255.255.255.0 any

设置管道：允许任何地址对192.168.99.0 255.255.255.0地址进行PING测试

rip outside passive version 2

rip inside passive version 2

route outside 0.0.0.0 0.0.0.0 10.1.1.1

设定默认路由到电信端

route inside 192.168.2.0 255.255.255.0 192.168.1.1 1

route inside 192.168.3.0 255.255.255.0 192.168.1.1 1

route inside 192.168.4.0 255.255.255.0 192.168.1.1 1

route inside 192.168.5.0 255.255.255.0 192.168.1.1 1

route inside 192.168.6.0 255.255.255.0 192.168.1.1 1

route inside 192.168.7.0 255.255.255.0 192.168.1.1 1

route inside 192.168.8.0 255.255.255.0 192.168.1.1 1

route inside 192.168.9.0 255.255.255.0 192.168.1.1 1

route inside 192.168.10.0 255.255.255.0 192.168.1.1 1

route inside 192.168.11.0 255.255.255.0 192.168.1.1 1

设定路由回指到内部的子网

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225

1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location