How to Configure Routed Mode on a Cisco FWSM

2016-12-02

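Cisco is recognized as a leading vendor of network interconnection solutions worldwide, and its line of routers leads the world. So do you know how to configure routed mode on a Cisco FWSM? Below is some material the editor has compiled on configuring Cisco FWSM routed mode, for your reference.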

Configuring Cisco FWSM routed mode:

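The scenario is as follows: of the two interfaces, outside faces the WAN and the inside port sits on the LAN. OSPF runs as the routing protocol, and only the LAN servers and ports that should be reachable from the WAN are opened; all other access is not allowed. This scenario is fairly simple and can be extended later, for example with a server zone.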

sh run

: Saved

:

FWSM Version 3.2(2)

!

hostname SDDL-Internal-FW

domain-name sddl.com

enable password Z1UFjQZdKfrZkYLf encrypted

names

!

interface Vlan254

nameif outside

security-level 0

ip address X.Y.254.254 255.255.255.252

ospf hello-interval 1

ospf dead-interval 3

!

interface Vlan2254

nameif Internal

security-level 99

ip address X.Y.254.1 255.255.255.252

ospf hello-interval 1

ospf dead-interval 3

!

passwd Z1UFjQZdKfrZkYLf encrypted

ftp mode passive

access-list acl-in extended permit ip any any

access-list SHJT_to_SDDL extended permit tcp any any eq telnet

access-list SHJT_to_SDDL extended permit icmp any any

access-list SHJT_to_SDDL extended permit ospf any any

access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.32 eq www

access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq 3389

access-list SHJT_to_SDDL extended permit tcp any host X.Y.1.13 eq lotusnotes

access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.60 eq www

access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.60 eq 8080

access-list SHJT_to_SDDL extended permit tcp 10.36.0.0 255.255.0.0 host X.Y.128.60 range 1976 1982

access-list SHJT_to_SDDL extended permit tcp 10.229.160.0 255.255.255.0 host X.Y.128.60 range 1976 1982

access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq pop3

access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq smtp

access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq www

access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq imap4

access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq 63148

access-list SHJT_to_SDDL extended permit udp any X.Y.128.0 255.255.255.0 eq 63148

access-list SHJT_to_SDDL extended permit udp any X.Y.128.0 255.255.255.0 eq 143

access-list SHJT_to_SDDL extended permit udp any X.Y.128.0 255.255.255.0 eq 389

access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq https

access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.37 eq 8000

access-list SHJT_to_SDDL extended permit udp any host X.Y.128.37 eq 8000

access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.37 eq 7000

access-list SHJT_to_SDDL extended permit udp any host X.Y.128.37 eq 7000

access-list SHJT_to_SDDL extended permit udp any host X.Y.128.38 eq 7000

access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.38 eq 7000

access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.50 eq 8080

access-list SHJT_to_SDDL extended permit udp any host X.Y.128.32 eq domain

access-list SHJT_to_SDDL extended permit ip any host X.Y.128.45

access-list SHJT_to_SDDL extended permit ip any host X.Y.128.39

access-list SHJT_to_SDDL extended permit ip any host X.Y.1.12

access-list SHJT_to_SDDL extended permit ip any host X.Y.128.42

access-list SHJT_to_SDDL extended permit ip any host X.Y.128.37

access-list SHJT_to_SDDL extended permit ip any host X.Y.128.46

access-list SHJT_to_SDDL extended permit ip any host X.Y.128.44

access-list SHJT_to_SDDL extended permit ip any host X.Y.128.32

access-list SHJT_to_SDDL extended permit tcp 10.228.0.0 255.255.0.0 host X.Y.128.60 range 1976 1982

access-list SHJT_to_SDDL extended permit tcp 10.227.160.0 255.255.255.0 host X.Y.128.60 range 1976 1982

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu Internal 1500

ip verify reverse-path interface outside

ip verify reverse-path interface Internal

no failover

failover lan unit secondary

icmp permit any outside
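
The scenario above says only the servers and ports that need WAN access are opened, so the access lists are worth checking against that intent. The following is an added example, not part of the original article: a short Python audit that parses `access-list ... extended permit` lines and reports entries that permit all IP from any source, port-specific entries made redundant by such an entry to the same destination, and Telnet permitted from any source. The sample lines are copied from the configuration above (X.Y is the article's own redaction); the function and key names are hypothetical.

```python
import re

# Entries copied from the configuration above; X.Y is the article's redaction.
SAMPLE = """\
access-list acl-in extended permit ip any any
access-list SHJT_to_SDDL extended permit tcp any any eq telnet
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.32 eq www
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.37 eq 8000
access-list SHJT_to_SDDL extended permit udp any host X.Y.128.37 eq 7000
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.50 eq 8080
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.37
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.32
"""

# An address is "any", "host <ip>" or "<network> <mask>".
ADDR = r"any|host \S+|\S+ \S+"
ACE = re.compile(
    r"^access-list (?P<acl>\S+) extended permit (?P<proto>\S+) "
    rf"(?P<src>{ADDR}) (?P<dst>{ADDR})(?: (?P<port>.+))?$"
)

def audit(config):
    """Return findings for the permit entries in a show-run excerpt."""
    aces = [m.groupdict() for m in map(ACE.match, config.splitlines()) if m]
    # "permit ip any <dst>" opens every protocol and port on <dst>.
    broad = [a for a in aces if a["proto"] == "ip" and a["src"] == "any"]
    opened = {(a["acl"], a["dst"]) for a in broad}
    # A port-specific entry in the same list to the same destination adds
    # nothing: the broad entry already permits that traffic and the rest.
    shadowed = [a for a in aces if a["port"] and (a["acl"], a["dst"]) in opened]
    # Telnet is a cleartext protocol; here it is reachable from any source.
    telnet_any = [a for a in aces
                  if a["src"] == "any" and a["port"] == "eq telnet"]
    return {"broad": broad, "shadowed": shadowed, "telnet_any": telnet_any}

if __name__ == "__main__":
    for kind, entries in audit(SAMPLE).items():
        for a in entries:
            print(f"{kind:10} {a['acl']:13} {a['proto']:4} "
                  f"{a['src']} -> {a['dst']} {a['port'] or ''}")
```

On these sample lines, the port 8000 and 7000 entries for X.Y.128.37 and the www entry for X.Y.128.32 are reported as redundant, because `permit ip any host` entries in the same list already open those hosts completely.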
