I have a Cisco PIX 515; the PIX inside interface faces a Cisco router. I can't get out to the Internet from the external interface of the Cisco router: ping only reaches the inside interface, and does not go through to outside or to Internet addresses. Without the PIX everything works OK. Can you tell me what's wrong? (I tried configuring it following various docs and config examples, using the static, nat, global, access-list and access-group commands. No result.)

Here is the PIX config:

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto shutdown
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security4
nameif ethernet3 DMZ2 security6
nameif ethernet4 intf4 security8
nameif ethernet5 intf5 security10
enable password ххх encrypted
passwd ххх encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
access-list outside_acl permit tcp any host 205.109.104.130 eq www
access-list outside_acl permit icmp any any
no pager
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
mtu DMZ2 1500
mtu intf4 1500
mtu intf5 1500
ip address outside 205.109.104.130 255.255.255.252
ip address inside 192.168.11.1 255.255.255.0
ip address DMZ 172.16.36.2 255.255.255.0
ip address DMZ2 172.16.37.2 255.255.255.0
no ip address intf4
no ip address intf5
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address DMZ
no failover ip address DMZ2
no failover ip address intf4
no failover ip address intf5
pdm location 192.168.11.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.11.0 255.255.255.0 0 0
static (DMZ,outside) tcp 205.109.104.130 smtp 172.16.36.1 smtp netmask 255.255.255.255 0 0
access-group outside_acl in interface outside
route outside 0.0.0.0 0.0.0.0 205.109.104.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.11.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:хххх
: end