天下网吧 >> 网吧方案 >> 方案分析 >> 正文

在pix或asa如何防止内网用户乱改ip配置案例

n coldstart

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA

crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA

crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

 authentication pre-share

 encryption 3des

 hash sha

 group 2

 lifetime 86400

crypto isakmp policy 65535

 authentication pre-share

 encryption 3des

 hash sha

 group 2

 lifetime 86400

crypto isakmp nat-traversal  20

tunnel-group remote type ipsec-ra

tunnel-group remote general-attributes

 address-pool remote

 default-group-policy remote

tunnel-group remote ipsec-attributes

 pre-shared-key *

tunnel-group caiwu type ipsec-ra

tunnel-group caiwu general-attributes

 address-pool remote

 default-group-policy caiwu

tunnel-group caiwu ipsec-attributes

 pre-shared-key *

telnet chufw 255.255.255.255 inside

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 outside

ssh timeout 5

console timeout 0

!

class-map inspection_default

 match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

!

service-policy global_policy global

ntp server 207.46.130.100 source outside

tftp-server inside chufw pix

prompt hostname context

Cryptochecksum:c02e836587f08fa6ce4699df28408774

: end

pix515e# 

上一页  [1] [2] [3] [4] 

本文来源:天下网吧 作者:网吧方案

相关文章
没有相关文章
声明
声明:本站所发表的文章、评论及图片仅代表作者本人观点,与本站立场无关。若文章侵犯了您的相关权益,请及时与我们联系,我们会及时处理,感谢您对本站的支持!联系Email:support@txwb.com,系统开号,技术支持,服务联系QQ:1175525021本站所有有注明来源为天下网吧或天下网吧论坛的原创作品,各位转载时请注明来源链接!
天下网吧·网吧天下