!
! "
!
!"
#
$
!
% &' & %& & (& ) *& & &(+ ') ,') ,' (& -%%$ .& ,(& - '/ *& + '- % ), -+&' ,' ')0,( , 1 (& 23+ &...
!
! "
!
!"
#
$
!
% &' & %& & (& ) *& & &(+ ') ,') ,' (& -%%$ .& ,(& - '/ *& + '- % ), -+&' ,' ')0,( , 1 (& 23+ &( % 45 .$ - '/ *& + &( % $,- /(&& , .& .,-') .$ *& &(+ ') ,') ,' , * % &' & $,- ), ', /(&& 1 * *& &(+ , * % &' & (,+ %$ (& -(' *& -'- &) + &( % 21 * (,, , $+&' 5 , *& % & , -( * & ,( -%% (& -') !
23
45
+ $
! !
23$ 45 +
$
# 23
45
#
!
!$ 6 ! " 275 ! $ # ! ! ! ! & & & (& %$ - *,( 8&) .,9& $,- * %% ', : , $ ' 1*,%& ,( ' ( + &( % ; +,) $ *& , 1 (&; (&9&( & ,+ %& ,( (&9&( & &+.%& %% ,( '$ ,( ,' , *& , 1 (&; ,( (&' %& & ) ( .- & &%% ,( (& & )&( 9 9& 1,(< , *& + &( % $
!
$
+ 0
!
"
$ ! !
! $
!
+
% +
+
!
! $
!
%
%
!
!
!
%
-
!
! = #
%
!
!
+
#
!
#
!
$
$ -
$
!
#
!
"
!
!
!
!
% %
%
+ (
(
/ =(
=
>
=),) % + &) ( /*
(
(&
(
&) ( /* !
3 4 ),)
( ?@ @@A=7B
!
-
/
>
! )
)
( @?@ @@A=AC7?
)
( @@A A@C@
) % +&( , 1 (( ' $ %% + &( % (& (,9 )&) 3 4 1 * %% -% , ') - % &( ) % + %% 1 (( ' & & (& &) ,( + % &) ' %-) '/ 1 *,- % + ,' *, & , +&( * ' . % $ '& ,( ( -% ( -( , & ') ',' ' ( '/&+&' ,( ( '/ (,+ ,-( & , )& % '/ - /& ,( ( )& ( & ' ', &9&' * %% ,' &D-&' % ,( ,( %, ,( ) + /& &9&' , ,( ) + /& 5 !
, ,( - % &( .& % .%& ,( '$ ') (& & % ' )&' % ) + /& ' %-) '/ 1 *,- % + ,' %, (, ,) ( '/ ,- , *& - & ,( ' . % $ , - & * + '- % - % &( * 9& .&&' )9 &) , *& , . % $ , - * > > ! $ 2 # !$ ! = :
!
6 7? 6
6
=
6
!
!
! ,
6
" ! #
6 . !
=
6
!
!
:
6 >
!
6
!
.
7? *
+
! 6
6
> . !
!
E
!
6
!
!
6
6
!
!
!
!
# $
! !
!
6
!
6
6
!
!
:
F F+
6
F+
6
F
!
6
2
6
!
+
E
!
"
"
5
!
!
! ! !
. " ! 2- .5 G 7BH7 ( !
' 1 " ( ' ( ) / ! + -
!
/ "
! ,
- .> ! )
& ' <
I
-'
#! %
9 " " ; &
0
0
(
" ; .
! -
' ( 9 1 !1 1 " % ,
!
& 9
'
"9
)
9 ! ,
*
+ ( 1 " & ! % !
) % 0 9
" "
@CCC
+/ !.
" )
!
% " ) / 8
"
"
1 "
)=
"
-
!
!
■ ■ ■
"# $% "& "
%& % ' '
"
' ( ( ' &&
&& " ) *
(
+,
'
'
&&
(
+
&& "
' '&
"
' ( (
( '
& +
(
%
&(
+ &
&& && '
)
!
"# " $
' (
" "
. ' &
+
' ( ( '
' (
(
/ ' &' &
&& 0 1 ) %
& && 0
( (
&& "
'
2 3"
+
&&
-
!
5 " ( " ( " ( " 6 " (
% % % ( %
+ !
&
-
&&
'
'
'
& (
+
&&
5 "
( %
4 )8 9
" ( % " 6 ( " ( % : 0 1 " ( % ;
+
&&
+
&&
&7
&
&
) % & ' && (
&& 0
'
4
.
5
/
! " "
( % ' ( % +
" 6 ( " ( % +
; <
<
&&
. 2 3
/ '
2 3 ' && . /
&&
(
0
( (
( (
9
!
#
%
=
%
"& =
" " " "
%& % )>
% %
'
"& > & " 0
"
)
:
8 &
?
" "6 "1 & "
& &
& (
"
( )
?
&
%
&
" &
(
% "= " @ & %(
A' 0
;
$
!
8 %(
+
B(
&&
" &
=
& ) &&
@
3@ @ @
*C " &
)
<
% "D "D " "1
% >
) &&
'(
" "#
!
%
6 "@ % &
+6 "2 A
=
: !
&
"# : !
A -
A -
A
=
A
= 3@ @
A <
9;
+
A -
: !
* C " 4
<
5EF
&&
:
9
=
A 9;
5EF A -
:
9
A -
+
A -
&&
C "
C " A -
A -
3@ C " B3 B
!
&
!
3@ C " B3 B
2
&
"#
: !
4
A -
1 )" C " @ @ @ <
9;
A -
&
"&
: :
+
&&
+ :
&& 9
A -
: 5EF
A -
!
&
!
■
!
■
!
■
!!
■ ■
"
■
#
■
$ !!
%
! $ !
" # # " !!
"
")
# %
")
!
*$
#$ % & $ ' ( %
!&
#
!! +
,$ *
! $
")
$ * " $ *
") "
&
#
-.
$!!
#
$ * " &%
%!
!
"$
!
*$
%
!&
# !'
(
&
*$
"
+
! !!
!&
,
$ "%!
"
%
#
! # % #
$!!
$ + * % # % $ 0 ! " &% $ $ *$ ! $
"1
%
* , "
$ '
" 2$ * 3 # 4 # ' "$ $ '
% 5%
$ # #
$!
$
$! *
%
3
/
&) ! !
&+
! !
!
■
* ! !
* %
!
*
! ,
■
'
(
$ !
■
"
■
-
* !.
/
!
!
!
!.
! & 0
*
* , &
!
*
!
0
!.
/
! 0!
& *
&
!
$
%
%
7 %
*
"" ""
* "" ""
! '
%% "$ "$
!!
$$
!!
88 %%
$!!
'
%% "$ "$
!!
$$
!!
**
'
88
"" ""
**
%% "$ "$
!!
$$
!! 66 88
09 09
""
6
' '
(
(
&
0 & ! & '
(&
0 !1
211
! 2113 & &4
■
211
!
0
*
& !
0 *&
13 &
■
&4
1
!
0 * !
&
& 2 553
■
!
&6 &
&
!
$ ! ! ■
" '
'
( (3
! 211 1 0
■
#
0
'
(
(3
, &
. !
'
! 1 211
* !! &
. !
■
!
37
!
&
$ "$ ( '
&
$
!
&
2 !$ "$ 2 !$ # " :# +)1;, "$
" &% $
)*+
)*+
$ )*+
)*+ '
)*+
, # #
!
=
.
$
!
$
<% * !
$ ! $
!
#
# $
- . !
$
#
$ $
)*+ $
/ $
$
$ !
$
)*+
0
$
!
$
'
$
$ * &
-
$!! $ *
4# " !! &$ # $ $ * " # "
! $
"
$
$
" &% $ $!!(
" "
>
!! 3
■
! &
3
■
3
■
&
=
$ .
&
&
38
■
1
!
!
!
#
# #
!! $
!
$ * 0" "
$!!+
" &,@
& $ $ $!! $ *
0"
$!!+
$ #
"$
"
%
!
#
-
!
" &,@
?
!!
!
! ' $
0
!
(&
$
!!
&%
) $
!
3 )) #
6 /
# ! $
!
$ 5 % . /
) $
. / 6 #
! 0 !
/
$
$
5
5
$
$
$
$
7
$ $
$
45
$
!
$
!
#
$
$
)) %
$
/ $
!
7 %
.
#
$
$
$
!
! 88
2
$ * 0"
"
$!!+
" &%
" &,@
#
$ * $ $ !
" $ #
"$
A
!!
0
0
& $
!!
&%
) $ $ )
$ .
"
!!
!
!
# 5
$
=
:
)) !!
9
. / !
6 $ !
$ ))
"$ . / ;
6
$
#
!
!
$ * 0"
$!!+
" &,@
! "
&
# $
$
$**
$ $
$ #
$
)
$
"$
$
! $
&
!!
&%
) ) $
# $
$
# $
. $
!
!
"
0
! $
$ /!
! *0 * !!
/! /
/
.
!
#
$ $
!
$
!! &
!
!
$
* !
&
8
$ * 0"
$!!+
!
"
" ) " " )
" &,@
$ $
"
$!!
$
* "$%! %
# #
%
%
"
"
$
$ $
%
% $
&$ $
$
"$
&
% $ $
$
$
$
&$' $
!!
&%
) )
#
$
)
# .
##
$
/!
<
. $
=
$
$
!#
! $
$
$
#
$ #
/ $
$
.
$
/
!
0
!#
/
0
<
$ ##
0
!
$
/
$
> 3
: $ ! !! # $ $ !
%
!! & 259&2:;&2&2
$ !
0 &"
* &
!
" &% $
4#
% #
-
$!! &
=
' ** 4$ $ *
"=
' ** &$ 3$ % 5% # $** $
"
$
#
!$
4 $ !$ += 4, $!! $** #$ $ # $ &! $!! %$ !
! ! " & #$ $ % * # # % *
$ &! $!! !$ & $**
*
% ! $! # " ' # % #
-
$!! "= 4 *
' "
# &! $!
$!
#* "
#
$! #
' %
*
' B
!!
! &
!
0
*
&
* !
6 ■
20111 7 7
! & *&
$
*
'7
(
&
.
/
& ■
< * &
■
!!
*
!! !
!
!
* *&
$
$ * 0"
$!!+
" &,@
! "
"
# !* % *
!
$**
#
*
"
'"
#
'
$ $ $
$ $ $
/
7
* 3 *
$ 0
3 ! / 0
* &7
* $
$
*&
!!
&%
) )
#
0
$ .
$
/
$
!
!
!!
$
-
/ /!
$ !
=
#
#
/$
3
#
#
0 !!
!! '
7
( ! *
& !
&
!! &6
&
!
= 4 :0$ *
)
)
%
**
$
**
!
% B
*
AA
C? C?
%
**
)
%
/A A
/A A
$
B
BB
B
A
$
**
% )
$
C?
B
* ! $**
/ 4$
!$
$! B /
$ !
$! !
C? C?
6/ 6
=
*
!
0
* $
$
&
! %
0 !
& *
& *
!
!
! 0
!
0
&
$
%
$ * 0"
$!!+
" &,@
!
"
!
!
"
"
" 4# # $ & $ & $ & #
$ * * % *
' % !
& # # # $** $ ' # % # "
$ * $! #
#
$!!
$ $ $ $ $ $ % $ &$ $ % $
&$ $
'
C
!!
& !
!!
&)
!
$
!
!!
&%
) )
#
0
$
$ $
$
#
0
#
#
0 !
/$ $$ '' '' ''
# 9 $
#
# $ ' !! !! # / $ # 0 ! '' '' '' 9 ' ' 8 ' ' & ' ' 2# ' ' 9 / $ #
!
!
#
/!
8 8 8
!!
$
!
!! $
$ .
#
/
#
!!
0
$
!
/7 $
$
$ #
0!
&
&
!
0
!!
&
$ !
0 no global
(outside) 1 192.168.1.10-192.168.1.254 netmask 255.255.0.0&
=
.
$ ! $
=
$
.
&!
# $!
$ ! !!
# - . ! $ 0!$
$ !!
! ! /
#
!
#
#
!
$
'
$ * "
$ *
$ * "$ "$
"
%
*
$
$ $ & $ * $ &!
$
* $**
$**
% * %
$ $!
*
"
$ "
%
0 % *
# !
$ * $!! % %
" $! $ #
%
$&
#
>
!
! 0
!
! &
0
!!
!!
&
! &>
!!
! &
& ! !! *
0
! %
&
!!
$ %
=
1
: $
!! !
& $ ! /
!! !
! *%
*% !!
!!
.
!
$ * 0"
$!!+
" &,@
! " 1$
$!
( $!
$**
$ &!
"
$!
$** %
( "
$ ' $**
" " 2
% $
" " A C? ! $ $ * *"
$
&$ $
B #$ $ &! $!
$ $ $)
A
%
A -
$**
C? C?
$!!
# B ?
!! ?$
!
!
'
@(
& 0 & 0
!!
$ !!
*& !
!
'
7 ,
(
&
$
!!
&%
) . . #
0 #
/
$
!
/
$
!
$
.
.
$ $ !
6
?
. /
# $
$
/!
!! !!
&
!
0
0 $ !
/
0
& ! 8"A
! 0
!
!
& *
!!
!!
! 0
* 0
!
&> &
!
21&1&2&B 259&2:;&2&21& $
2
$ * 0"
$!!+
" &, @
, ! ! " 1$ "
#
+ ! !
" $** % * #
#
"" ""
$ *4 * #
)
%
% $ *
A
&$ $
C? A
+
-
C?
$!!
B
A
!!
! >8
!
! *&
$
!
!
*
&
! 0
!
!!
&
!! &
$ $
&%
!!
) ! ) $ %* !# 4@@
<
! &
3
!!
& $
@
4 @
$
.
# $
$
#
& ''
@
@ !
$
$
#
"
3
!
*
* *
#
9
$
!#
$ $
$ #
!
&
!
# !!
$
!# #
#
!
# !
$ !
#
$
!
&%
) ! # -
5 /!
/ $ ! 7 #
$
! $
!!
# $
.
/ $
"
$
$
$
$
$#
!
#
. '' '' '' '' < # < #
5 ! $
;
$ % #
$
!!
$
3
$ 5 $ &
3
0
?
@
21&1&2&B
!
<
$ # $ 1''%' 3 =$ 0 ! $
*%
!
!# @
&
7
&
! # $ # *. 9 $ A.. ! !# $ # $ *% * $ $ >
$ ! 259&2:;&2&21
9 $ $ #B B #
$
4@@
#
$
# $
! #
&
*.
/> $
$
$
.
'$
!!
!
% #
;
* B %* $ % % 3
=
3
/!
<
7
!
" 0 !
$
-
$ &
# !
!
#
$
. '' '' '' '' < < # $ ?
!
0
5
$
#
!#
$
&
$
A.. 6 2 * 5!
$
$
'
!!
4 @
!
@
!#
&
! ! 6
;111 !!
!
& 0
!
&
$
8
=
$
#
#
* A
!
$
0 = * > *% $$ #
$ $
! 7$ $
0 ! !!
/
!
** A % $
>> BB
** %
AA
%
C? C?
>> BB
66
66 66
)
/A A
)
$
%
BB
AA
B
$
>> BB
** % $
C? C?
>> BB
66
'
$
%
66 )
66
** $
**
)
BB
(
$
! /
&
!
/
219C&
7
■
**
%
B
0
$
)
/A A
)
**
%
B
**
)
! * 0
!$
$! 6
**
)
B
4
4$
& &
■
$
■
& :B0111
■ ■
!
!
&
& !
■
& 0 *
/
& 0 /
!
& !
!
0 219C&
$
" &%
$
%
$
4 $ $ $ $ $ $ % $ &$ $ $ $ $ $ $ $ $ $ % $ &$ $ % $ &$
%$$
$ $ $ A
$
$
C? A
-
$
$
D$ # >
: &
"
C?
$!!
&
C
$!
+ A
"
$** =
"
% A
" "
& $ &! $** C? A, &! $!
$
%
%
$** ' C? A "
%
& $
!
&
$ %&
*
#
"# $ !$ * &$
#$ & * #$
$ % 5% /
$ $!
■
! ■
"
■
D
C01110
' :C0111(
! ! 7
■
0
■
=
C0111 !
) * !
.
!
!
!
!
$ #
.
$ !
0 6A &
0
$
*
! !
0
&
$ ! ip address (inside) 10.0.0.1 255.255.255.0 ip address (outside) 192.168.0.2 255.255.255.0 route (outside) 0.0.0.0 0.0.0.0 192.168.0.1
$ 0
&
* 21&1&1&1 global (outside) 1 192.168.0.9 netmask 255.255.255.0 nat (inside) 1 10.0.0.0 255.0.0.0
!
= =
$
' ** + $
,
% $
$ % $
" A $ "
% C? A !$ * $
4$
!$ &$
%$&$
%$#$
%
""
#
A
C? A -
C?
$!!
A
&
C?
A
!!
&>
7 *
, '7 (
*
*& >
! &
$ 0
& 0
259&2:;&2&5 (inside) 0 192.168.1.9 255.255.255.2550 ! nat 0 192.168.1.9&
!
&=
nat
$
%
1%!
!
"$
" &% $ !
**
$!
&
"$ "
%
% %
" % $**
$!
"$ " /
%
" :$ ! $
B
6
$ $ $ !$ !
" % ! ! %!
!
'
" :$ ! " &% * # $ *$ * $!! $ *
/
! $ !
!
!
&
! 0! 0
8 !
7 !
= , !
!
! '87 ')8 (
8"A& * !
*&
! $
0 !!
&
!&
!
4#
"$
" &% $
)1; )1; A
C?
9 /
% $
&$ $
$
$
$ $ $ $
$
D$ E >
C
$
$ # $
$
$
$
$
$
$
9 /
$ $
$ $ $
9 /
% $ $
&$ $ $ $
% $
# $ $
$ $ $
% $
&$ $
# $
% $
&$ $
*
# $
&$ $ $ $
' '
$ ( $ $ + 6
&= /
! !
7 !
■
?
■
& ! ■
■
0 &
@ *
&
>
! !!
>
& &
!! & !
!!
&
8
!
!
& !
■
! !! !!
!
!
0
0
0 &
!
■
0
*0 &
$
'
%
"$
" &% $
)1; )1;
$$
) % $ $
$
&$ $
$ $ $ $
A >
C?
9 /
>
C
$
$
$
$
$
$
$
$
$ $ # $
D$ E
B
$
# $
C C 9 /
$
$
$ $ $ $
$
$ % $
9 /
% $
&$ $
'
$
$
# $
$ $
# $
$ $
*
'
$
$ (
&$ $
$ # $
9 /
$ $
$ % $
&$ $
% $
&$ $
# $
$
$
# $
$
$
+ (
# $
$ $
*
+
C
0 ' /
&> 0 8"A0
0 !
0 !!
!!
(&
& 8"A
&) $ !
0 &
' 8"A( 0 8"A
1
!! C1 !!
& 8"A * !
0 E1& 0 &
!
/
*
!! &
4# "$
4 4# "$
4# $ *
(
$
)*+
$ $
)*+
(
$
)*+
$
)*+
$ (
$
)*+
$ $
(
!
)*+
$
(
$
(
$
$
2
7$ :0
(
" &%
!
!
* &
&
■
0
■
0 7
■
7
■
8"A
&
& & !
■
=
9
$!! &
■
■
-
$
$
■
#
7 !
*& & 8"A&
!
F %$! ! $
&
7$ F %$! * %
A
C?
9 / %
*
$!!
>
C
9 /
* 3 *
G
D$ # $ * 4
9 / B > B G
6
D$ ' 4 $ *4 4
G
* # $ * 4
?
% 4 D
$ !
0 &
) 6
&
!
& !
$ &
■
0
■
0
8"A 07
■
&
0
&
!
$
8
4$ ' (
" &%
-
$!!
"$
)
0
!
! pixfirewall> enable
= B
!
0
)
*
&
!!
!
pixfirewall> config terminal
!
/
pixfirewall(config)# hostname pixP
'
F
!
( 8"A
6
! ' !.(
'E1(
pixfirewall(config)# nameif e2 dmz security50 pixfirewall(config)# show nameif nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50
C
)
)
10 )
20
)
9
211
& =
B
$
$
#
3
!
#
$
pixfirewall(config)# interface e0 100full pixfirewall(config)# interface e1 100full pixfirewall(config)# interface e2 100full pixfirewall(config)# show interface interface ethernet0 "outside" is up, line protocol is up Hardware is i82558 ethernet, address is 0090.2724.fd0f IP address 127.0.0.1, subnet mask 255.255.255.255 MTU 1500 bytes, BW 10000 Kbit full duplex 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns interface ethernet1 "inside" is up, line protocol is up Hardware is i82558 ethernet, address is 0090.2716.43dd IP address 127.0.0.1, subnet mask 255.255.255.255 MTU 1500 bytes, BW 100000 Kbit full duplex 184 packets input, 15043 bytes, 0 no buffer Received 179 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns interface ethernet2 "dmz" is up, line protocol is up Hardware is i82558 ethernet, address is 0090.2725.060d
%
!
IP address 127.0.0.1, subnet mask 255.255.255.255 MTU 1500 bytes, BW 10000 Kbit full duplex 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns
0
>
0
8"A
*
pixfirewall(config)# ip address outside 192.168.P.2 255.255.255.0 pixfirewall(config)# ip address inside 10.0.P.1 255.255.255.0 pixfirewall(config)# ip address dmz 172.16.P.1 255.255.255.0
'
F
!
(
)
?
* pixfirewall(config)# show ip address System IP Addresses: ip address outside 192.168.P.2 255.255.255.0 ip address inside 10.0.P.1 255.255.255.0 ip address dmz 172.16.P.1 255.255.255.0
Current IP Addresses: ip address outside 192.168.P.2 255.255.255.0 ip address inside 10.0.P.1 255.255.255.0 ip address dmz 172.16.P.1 255.255.255.0
=
A
! !
pixfirewall(config)# write memory Building configuration... Cryptochecksum: d4d9ae69 9f7c734c babeef58 54b69c91
4$ ' (
" &%
$! ** 07
0
0
!
7 , pixfirewall# config terminal pixfirewall(config)# global (outside) 1 192.168.P.10-192.168.P.254 netmask 255.255.255.0 pixfirewall(config)# show global global (outside) 1 192.168.P.10-192.168.P.254 netmask 255.255.255.0
'
F
!
( 7
pixfirewall(config)# nat (inside) 1 0 0
8
B
7
pixfirewall(config)# show nat nat (inside) 1 0.0.0.0 0.0.0.0 0 0
/ pixfirewall(config)# route outside 0 0 192.168.P.1 !
$
%
6
8 pixfirewall(config)# show route outside 0.0.0.0 0.0.0.0 192.168.P.1 1 OTHER static
C
=
! !
pixfirewall(config)# write memory
4$ ' B( 4 !!
# 0
*
% * $ * )1;
"$
!
pixfirewall# ping 10.0.P.1 response 10.0.P.1 response 10.0.P.1 response
inside 10.0.P.1 received -- 10ms received -- 10ms received -- 10ms
'
!
F
(
pixfirewall# ping 10.0.P.3 response 10.0.P.3 response 10.0.P.3 response
inside 10.0.P.3 received -- 10ms received -- 10ms received -- 10ms
'
!
F
(
B pixfirewall# ping outside 192.168.P.2 192.168.P.2 response received -- 10ms 192.168.P.2 response received -- 10ms 192.168.P.2 response received -- 10ms
'
F
!
(
!
/
pixfirewall# ping outside 192.168.P.1 192.168.P.1 response received -- 10ms 192.168.P.1 response received -- 10ms 192.168.P.1 response received -- 10ms
'
F
!
(
8"A
6
pixfirewall# ping dmz 172.16.P.1 172.16.P.1 response received -- 10ms 172.16.P.1 response received -- 10ms 172.16.P.1 response received -- 10ms
'
%
F
!
(
!
C pixfirewall# ping dmz 172.16.P.2 172.16.P.2 response received -- 10ms 172.16.P.2 response received -- 10ms 172.16.P.2 response received -- 10ms
'
F
4$ ' /(
!
" &%
(
)
$! $ * = 4 !!
- !
7
pixfirewall(config)# no nat (inside) 1 0 0
7
*
pixfirewall(config)# nat (inside) 1 10.0.P.0 255.255.255.0 0 0 Display currently configured NAT pixfirewall(config)# show nat nat (inside) 1 10.0.P.0 255.255.255.0 0 0
'
F
!
(
"
B
*
pixfirewall(config)# conduit permit icmp any any
8
/
pixfirewall(config)# show conduit
=
6
! !
pixfirewall(config)# write memory
=
C
!
pixfirewall(config)# write terminal
>
>
!! !!
! *
pixfirewall(config)# clear xlate pixfirewall(config)# show xlate
4$ ' 6( 4
$! $ * = 4
" &% $
7 !
=
0
!!
0
!
!
!
C:\> ping 192.168.P.1
'
F
!
( 7
2& !
=
7
& $
%%
9& >
! % D
* !
" &
& !!
B pixfirewall(config)# show xlate
6
!
Global 192.168.P.X Local 10.0.P.3 nconns 1 econns 0 flags -
7
!
!
&
4$ ' C( " &% $!! % * # = '
$
$ "$
$ * *% " # G *
# =4
-
! 7
* =
! &
=
!
&
!
0
7 !
!!
! &>
!!
pixfirewall(config)# clear xlate
! pixfirewall(config)# static (inside,outside) 192.168.P.10 10.0.P.3 pixfirewall(config)# conduit permit tcp host 192.168.P.10 eq www any
'
F
!
(
" !
B
pixfirewall(config)# debug icmp trace ICMP trace on Warning: this may cause problems on busy networks
!
/
!
!
=
7 *
& -2
!
C:\> ping 192.168.P.1
'
F
7
$ !
Outbound Inbound Outbound Inbound Outbound Inbound Outbound %&
ICMP ICMP ICMP ICMP ICMP ICMP ICMP
!
echo echo echo echo echo echo echo
( $
request 10.0.P.3 > 192.168.P.10 > 192.168.P.1 reply 192.168.P.1 > 192.168.P.10 > 10.0.P.3 request 10.0.P.3 > 192.168.P.10 > 192.168.P.1 reply 192.168.P.1 > 192.168.P.10 > 10.0.P.3 request 10.0.P.3 > 192.168.P.10 > 192.168.P.1 reply 192.168.P.1 > 192.168.P.10 > 10.0.P.3 request 10.0.P.3 > 192.168.P.10 > 192.168.P.1 !
Inbound ICMP echo reply 192.168.P.1 > 192.168.P.10 > 10.0.P.3
'
F
!
(
0
0
& >
6
% #
$% &
'
F
!
(
&&
!
C
& C:\> ping 192.168.Q.10
'
F
!
(
" !
>
&
pixfirewall(config)# no debug icmp trace
4$ ' >(
" &%
* 1%!
!
"$ 8"A
*& 07
!
!
0
8"A 8"A
pixfirewall(config)# global (dmz) 1 172.16.P.10-172.16.P.254 netmask 255.255.255.0
'
F
!
(
7 !
!!
&
!
pixfirewall(config)# name 172.16.P.2 bastionhost pixfirewall(config)# show name name 172.16.P.2 bastionhost
'
F
!
(
B pixfirewall(config)# clear xlate
=
/
! !
pixfirewall(config)# write memory
!
6
&
C:\> ping 172.16.P.2
'
F
!
( !
C
2&
=
7
=
7 &
9& > $' & &' !
! F
!
( $
%'
B& >
0
0
!!
pixfirewall(config)# show arp outside 192.168.P.1 00e0.1e41.8762 inside 10.0.P.3 00e0.b05a.d509 dmz bastionhost 00e0.1eb1.78df pixfirewall(config)# show xlate Global 172.16.P.2 Local 10.0.P.10 static nconns 0 econns 0 flags s Global 192.168.P.3 Local 10.0.P.10 nconns 0 econns 0 flags pixfirewall(config)# show conn 0 in use, 3 most used
!
>
=
2& )
7
(
)* !
$ ' @'
F
!
0
" &%
$' &6
(&
9& G
4$ ' ?(
) ?+
% *
),
&
# )1; !
8"A& !!
! !
&
D
&
! 8"A pixfirewall(config)# static (dmz,outside) 192.168.P.11 bastionhost
'
F
!
( !
!
8"A pixfirewall(config)# conduit permit icmp host 192.168.P.11 any
'
F
!
( !
B C:\> ping 192.168.Q.11
' /
F
!
(
H pixfirewall(config)# show xlate Global 192.168.P.11 Local 10.0.P.3 static nconns1 econns1 Global 192.168.P.11 Local bastionhost static nconns0 econns0
%1
!
!
6
& !
*
8"A
pixfirewall(config)# conduit permit tcp host 192.168.P.11 eq www any pixfirewall(config)# conduit permit tcp host 192.168.P.11 eq ftp any
'
F
!
(
8
C
pixfirewall(config)# show conduit conduit permit tcp host 192.168.1.11 eq www any (hitcnt=0) conduit permit tcp host 192.168.1.11 eq ftp any (hitcnt=0)
>
2&
&
9&
&
B& >
! #
C&
$% &
D
&
E& >
0
0
!!
& ?
2&
&
9& ( '
)*
)
0 #
F
& $% & !
(
B& D & C& >
0
0
!!
& =
A
! !!
&6
!
pixfirewall(config)# write terminal Building configuration... Building configuration... : Saved : PIX Version 5.0(1) nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall
!
$
%2
fixup protocol ftp 21 fixup protocol http 80 fixup protocol smtp 25 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol sqlnet 1521 names pager lines 24 no logging timestamp no logging standby no logging console no logging monitor no logging buffered no logging trap logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto interface ethernet2 auto mtu outside 1500 mtu inside 1500 mtu dmz 1500 ip address outside 192.168.P.2 255.255.255.0 ip address inside 10.0.P.1 255.255.255.0 ip address dmz 172.16.P.1 255.255.255.0 no failover failover timeout 0:00:00 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 failover ip address dmz 0.0.0.0 arp timeout 14400 global (outside) 1 172.16.21.10-172.16.21.254 netmask 255.255.255.0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 no rip outside passive no rip outside default no rip inside passive no rip inside default no rip dmz passive no rip dmz default route outside 0.0.0.0 0.0.0.0 192.168.P.1 1 timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps telnet timeout 5 terminal width 80 Cryptochecksum:9963c491006b1296815f3437947fab81 : end
%9
!
=
! !
pixfirewall(config)# write memory Building configuration... Cryptochecksum: ae9fc9fc a3005950 f9daec62 5683c88e [OK]
!
$
%8
%
$ !!
.
&
% " 4# -
$ $!! $
" 4#
$ * # $! $**
" 4#
$ * # " !! # $ *
%
$ &( $ *
$ * % *
$
$
! $ '
" &% $ & #
$ * $ % * # % # -
#
#* $!! $!!
B
&
!
■ ■ ■
!"
■
# $%&
%$■
"
'
■
$ (( )
*
!
!" ! #
% " # " # #
* +
% *% * ,-
# '& % /% % %!!" # '& .4
0 %""
+
# $ $%! & "" $ # "" ' % ( ) # '&
$ %
* #"
'+
12 1 #
3, # "
" .% * '
$ $
!
" !
" 5$ ,
&'$ $
.
%""
"-+
", #
%
""
*
+
,%
$ $ $ &'$
&
% " & % " $ & .
%"" %
%
%
,
% 5$ % % %" &
%
$ $ % * % * # % *
% * % *
$
% *
6
"
.
)
(
,
' (
/
(
. -+
((
"
(( ((
(
( ((
+
"+
"
(( )
+
"
((
+
(( ((
(
+
(( ((
2
"" $
& $ (
!
" !
& * ""
% ""
( "
.
+ %
&
& "
$
' &! "" & * "" ""
$
' &
% * ! 8#
#
%""+
""
# '-9
&
%
#
"" :
! 8#
! ;% %""+
% % %
"" % *
$
%
(
%
"" # '-9
# < * % %
""
%
#%
7
(( (( (( ' ( / (( (( +
'&
' ( ( . )
'
( ) ' ( . $ 0+0+0+122 122+0+0+0 ((
=
((
+
$
!
* " *
$
$
'
+
,
& "
$ !
$
! ,
, * "
"& $
* "
$
,
&
,
,
$ "
$
$ " $
)
,
&
&
,
!
" !
)
'
'&
((
=
!
/
"
#%
!
" !
&
$ /
'
"
$
$
, ,
$
.
",
% * ! 8#
%""+
#
%
# '-9
% %
""
% 0$ $
* &
% 0$ $
* &
% 0$% %
! 8#
%
' &
$% " %
&
% % * &
%""+
# = !
' $ % *
! % &
& !
#
$ # ""
')
& * #
#
& &
* & *
% *#
*
# '-9
$% %
&
& *
% *
%
*
'
'
>
((
,
"-
)
) ■
#
■
#
■
#
■
#
' . .
(
+
/
/ )
+
)
'
((
'&
=
! "&
! *
+
$ '
$
'
$
/ / % %
0
'
$ ,"
' ,$
"
1
!
" !
'&
=
! $
" '"
(( ((
)
&
!
3 *
=
,
"
&
& *
!
" !
&
$
" &
!
'
'
""
+
"
)
$ $
+
!
) /
!
"&
$ 8"%
* +
/
2
+
" (( )
((
'&
!
((
)
" . ((
'
& *
&
""
3 ""
"
!
$
" %
""
$
2
",
18% !" !
"
! #
% (
#
" %!!" %
#"
' &" &
+% *
=
"" %
-
%**
@55 #
& !
& *%
" % *!
(
?
/ ./
1
4
(
+
!
" !
A%"
&
*
"
'
( 5
+ +
/% % !!" # /% % %!!" # " ! $ * *
"
'
' %"" % %* " %* ' # /% % %!!"
# /% % ! ' % $ $% *
% !
# /% % %!!" % % * $
8
* % %
% %
$ " $ %* *
&% " ! '% & ! "
&'$ $% %
B
5 5
)
6
6
+
. )
5
(
( 5
(
70 ,4
-/
) ((
!
" !
.
(( +
( ) ( 5 .+ 5
) (
+
$
4
/% % !!"
! 8#
%""+
# 5$ $ & #
5 $
% *#" %"" #
.
$ & /% % %!!"
5 )
(+ 5 )
%
%" %"
% *
&
+
)
D
*
% *
"
) ((
=
!
(
" "
6
& $
"
$ "
,
/
$
$
( +
(
(
7
) (
(
( 5
+# 5 (( 8
%$(
' '
/
5
%$(
5
'& C
& /% % %!!" % & & *
$
(
) ( )
'
# '-9
/% % %!!" % % !&"% *% %
% #
" % *
(
/ 9
/ .
/
5
.
00000000: cafe babe 003 002d 0099 0900 8345 0098
!
" !
" ! 8#
#
/% % % *
%""+
%
# = !
% *
# '-9
% % %
! 8#
' $
%""+
8
&
"" $% " /% % %!!"
& ! $
# *
$ $
&
& *
(
# '-9
$% %
&
& *
% *
%
*
'
'
!#!#!#! !#!#!#!
((
+
' ( ) '
((
'&
=
! "&
$
! *
+
'
$
'
$
/
$
/
,"
% %
'
&
!
=
! , "&
" !
"
((
/
!
,$
$
"
'"
'&
'
1 '
)
'
$ $
$
'
!
'&
=
!
+
" & $
& &
+
& *
""
" &
& *
3 ""
!
$
" !
. <"
#
. *
#
.
# 5$
. "
/ " . :
" % %!!" 0 !%' " % ! % % ( %"" %
( ). %( ( )
.
!
" !
+; .
(
$% % $ %!!" % * %
&
, :
( '
*
% # "
" . -/
(
.
%(
, "%+
) )
) (/ )
+
$
(
. <"
! 8#
#
%""+
" !% (
&
( '
% *
# '-9
. & %' #
&
(( )
'
(
.
= 8
-
! , &
& 8/9' : &5 ,
!6 ;
$ "
/
7 /
& %" %
)
!
$$
/
2
+
((
'& %
& *
$
"
$ "
$
, $
$
, ""
$
!
&
" !
.
% *
$! !#!#!#! !#!#!#! !#!#!#! !#!#!#! #
! # $% $ %!!" 0 %## % " %" $ % *# % # ' $ 1 '
'
=AF
. " ( ' ! G #
A% (
'
18
&
5
E
6 3 =
2 . =< '% % 6
(( / (
!
" !
)
!"
4
"
(( ) '
$
+ 70
+
.
3,
"
'
$0
12 1 ( !"
#0
12 1 ! *
* #0
# $%&$%+
0
12 1
& *# *
%
%$12 1 %"" %
'% H% $% % & & %& $ H *
&
"
#0 $0 12 1 '% H% % '&% * %'% & * %& * !" ' $% % ( "% * % * & ' ( & #0
12 1
(
0 *
25 % *
"% >
# $%&$% /
. ( + # $%&$% + # $%&
%$.
/ !" ) . (
!" .+ +=
# $%&$% !"
(
.
+
# $%&$% ■
?0
■
A0
( # $%&$% < ) ) /
< + # $%&$%+ ( / )
) !"
)( !"
> +(+
2 +(+
@0
+ + B0
■
(
+
# $%&$% ■
4
■
"
■
4
#
&
$
(
( ) .
■
(
(
■
0
(C
(
) )
■ ■
.
4
?0 ),
2/200
.!
" !
3,
$
"
' 0
*
12 1
0
,, % &
'(# )# #*
%" 12 %" 0 0 12 1 1 ** "" %* %* $$ "% "%
""
'$ '$ ""
! &
%
! ! ! !
!
$
=
' *
%
0 ! ?
12 1
>
?
# # $%&$% # $%&
%$3 . !"
. + . (
) !"
!
" !
!" 3 <
( !"
(
/ !"+
3
( . / # $%&$% 3
+
$
2
= ! 8#
%""+
# 5$ 0
$ 0
12 1
# '-9
% **
' %
%
$% &
12 1
& #
' %
!#!#!#*
!
$
8% !" $ 0 #% % %** ! # *% $ %8 . %"" $
12 1 $ & $
$ %"& #
%"" * *" 8 0 12 1
* * #
$
G
;
)
< # $%&$% # $%&$% (( + )
'
'&
!" ) # $%&$%/ ) + /
# $%&$% ( (( !"
((
=
!
/
, $
$
$
$
/ =>' $ &
1
!
$
/ " 3" " & $ 3 .
7 & <* < " $
" /
$
!
" !
# '& 0 ( ! 8#
%""+
$ . %"" $0 12 1
# '-9
& #
& 3, $% % %!!" %
& *& # * ' % *
% $ $ 0
' 0 "* 0 * 0 12 1 # " '
& # #"
$ $ I&
% *
"" $
! ! ! !
.
%"" $
B
!" ' ( !" 3 ((
# $%&$%/ 3 # $%&
%$(( +
(( # $%&
%$+ !"
)
+
# $%&$% !" 3 70 !"
/ )
'&
'
/ +
3
. ((
=
!
&"
=>' $ "
$ !
8// ?7
8
!
" 7
7 &@ =>'
3 /
*
#" $ $ "
$ ,"
, $
/
* %""
+
7
$
,"
$
, $
7 & <* < & ! &
$ !
" !
$
4
0
12 1
1 '$ % % # '& 0 # #
# '& %
& * 12 1 )
' &
3,
# 0
( %
# A
%'
# , '' ' # 3 '
%
#
"
#
# ■
& 0
12 1
)
# $%&
%$$ :D # $%&
%$) .
(
( !" :%
■
/)
)
)
. # $%&
%$) ■
# . .
:% 6 )6 . :%
■
. +
"
+
)
:%
+
) (
) (
) ■
/ <
)
.
.
+
)
+ ■
! (
:% + :<
■ ■
&
)
(
)
# $%&$%: # $%&$%6
) # $%&$% <
(
)
+
) +
!
" !
' 5%
$
/ .
# $%&$% . +
( $ : +
■
■
$ )
■
$
&
" !
) .
)
:$ + :"
) ( + +
!
) ( $
& (
) & ( )
+ $
/ +
$
#
)
)
'
) (
) $
$
.
(
/
$ )
) )/ )
$ +
(
'
+ . )
. ' )
( +
< .
,
. ' <
/ -+ = ./
) (
)
)
+
!
" !
#
5
)
/)
(
+% .
( )
+ (
+#
$ / # $%&
%$> " "& $ "
(
" !
$ +
" &
+ $
!
$
!
)
. $
2
) (
$
"
&
3, 5%
6
#
<
: !" . ) ) # $%&$% :) ( ) . !" + ) ( !" ( ) ( < /) !" +9 !" . ) # $%&$%+ !" ( / # $%&$% ( +
( ( . ) 8 ( # !"
( ( +
/
.! 6 ' " + 8 ( +9
.
!" $ ( (
!" +
< 8
.
)
)
!"
+9
!"
!" ) # $%&$%+ !"/
/
.#
( !"
.
(
) ) 6 " 8$
)
6
+ !"
!" # $%&$% . / / . + '
( / !"
!" (
) $
+,
/ !" +-
( ' +
)
( !" ( /
( +
!" !"
.
+9
!
" !
0 ( %
5%
7
# .
) += .
. #
(
(
+ )
.
# . /
) # $%&$%/ + . ( / ." +
.
# .
!" ) # $%&$% /
*
( 4 "
(
+ ) ;
.
) .
# . /
" !
* /
)
. ( )
!
.
.
.
( / "
.
/ *
+
( +
$
.
A
%'
5%
>
;) )
/
) (
( 8
# $%&$% (
.
/)
!"
.
+ /
(
) /
) )
$%& ++
( )
4
' ( / ' ( ) .
. 9+
/
+
!"
(
/ !"
( +
0
!
" !
, '' ' 5%
?
# $%&$% ) ) . !" -/ ( (
)
!" 3 -/ 3
')
■
■
$
!
" !
!"
(
" , 3 ( ) ' )
6
/ :%
:% ) 4 & ( . +
# $%&$% # $%&
%$3
. /
+
)
! 3 :% # $%&$% 3 +
■
)/
"
):% /
! 3 # $%&$%+
+$
)
( ■
3 ( , 3 +=
)+
)
'
/
)
)
+
(
.
)
) /
.
(
( + . ' .
/ # $%&$% * ( (
' # $%&$% # $%&$% ! ( ( +
$
! (
+
/
2
" 5%
G
< )
) + ;)
< <
/
2
/
(
# $%&$% + 7 & <* < $ $ 9
)
# $%&$% / # $%&$% 3 / ) )
$ +
&
( ■
■
$ $ ! # $%&$% + <
( 3
( )
■
: /
:<
)
)
<
+
<
:%
)
(
# $%&$% # $%&
%$( ( < <
' < (
=
) <
) < ( +=
( ) <
1
( + ( /
+ +
) +
<
(
( # $%&$% ) ) E0 ( < / <
# $%&$% < < ) ( ( +
) !
( )
. " !
@55 ! 8#
8&! %"" +
# '& %
# '-9
& # = #
!
#
@55
% , ' %"" 3, % % " *% 1 % "
3, %
+* #%&" J G *
*#"
@55
%##
+ $
" '
' +0
12 1 /% %
.-
# #* % " * %
!
%
3, %
3, " '' ' *#"
'
* %""
*
& &
$!$! $ $! $(!! & $! B
4
'
) 70+ # 4
!"
+
4 ,
4
'
/
)
-+
!"6
+ 4
'
/ !"
!"6
+ )
'
'& !
((
= "
! $
$3
$
!
" !
"&
$
$
4
,% 18
)
# '&
(
0
12 1
'
'
)
)
(
+
.
"+
■
(
■
+ .
■
# $%&
%$■
#
& $
# $%&
%$■
# $%&$%+ +
.
+
K &%" ) '
)
(
+
,% K &%" *! &
B
>G &
L 6 * ?
. %""
>
L 6
* H
*
0
<% $ % * 5
L 6
?
0
<% ( 5 % *5 5
7
0
0
* $ 12 1 % *
5
!
" !
5% ( )
# '&
$
,
(
/ EA1+?0+E+20 )
!
%
!
4
((
+
"
)
.
pixfirewall(config)# access-list 101 deny tcp any any eq www
%
!
(( "
pixfirewall(config)# access-group 101 in interface inside
EA1+?0+E+20 )
!6
! (
!7
4
+
((
pixfirewall(config)# no access-group 101 in interface inside
((
!>
"
pixfirewall(config)# access-list 101 permit tcp any any eq ftp
;
!?
"
)
pixfirewall(config)# access-group 101 in interface inside
EA1+?0+E+20 )
!G
! (
!B
4
+
(
pixfirewall(config)# clear access-list
$
!
pixfirewall(config)# show access-list
$
!
6
pixfirewall(config)# show access-group
5% ( ) "
A%"
&
*
(
5 .
%
!
((
. 70
)
(
pixfirewall(config)# filter activex 80 0 0 0 0
%
!
((
.5
pixfirewall(config)# filter java 80 0 0 0 0
((
!
)
pixfirewall(config)# show filter filter activex 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 filter java 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 !
" !
$
)
+=
5% ( )
# '&
$
.
%""
0 (
$0
( # $%&$% !
12 1
.
%
((
(
pixfirewall(config)# config terminal
!
%
((
# $%&
%$pixfirewall(config)# url-server (inside) host 10.0.P.3
, !
F
(
-
$
6
)
((
pixfirewall(config)# show url-server url-server (inside) host 10.0.1.3 timeout 5
!6
% #
(( #
#
( # $%&
%$!"
pixfirewall(config)# filter url http 0 0 0 0 allow
!7
<
)
((
)
((
pixfirewall(config)# show filter url filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
5% ( 6)
%"" 0
12 1
% 25
( +
# $%&
%$!
<
6
.
' #
#
!
<
6
.
()(*
+
!
# .+
!7
.
!>
.
(
+
# $%&$%+
# $%&
%$!6
&
/ (
.
+
# $%&
%$(
+
+
$ Password: cisco Password (again): cisco
!?
.
!G
.
!B
.
!
.,
+ + ( (
+ +
!
" !
5% ( 7)
# '&
0
12 1
<"
( !"
(%0
3,
# $%&
%$!
4
!
( .
EA1+?0+E+20
.
6
(
!>
."
!?
."
!G
. 34+
!B
. 34+
+ -!
-'
#
#
$%&
-'
#
#
+
# . '
+
+ + !
$
4
!
# .
/ /01*()*/*2)
/
)
+
/
!"
!7
) !
# .
)
+ /
# $%&
%$!6
)
)
# $%&$% ! -' #
!
.
+ EA1+?0+E+20+ =
+ )
!
+ # $%&$% ! -' #
!
.
# $%&
%$!
!"
! 6 ! 7
."
! >
. 34+
! ?
. 34+
#
/
-!
+
/
.
$%&
)
+
.%
+
+ !
$
4
! G
) !
# .
+ EA1+?0+E+20 =
+ ( .
! B
5% ( >) 0 ( %
)
# '&
/
0
12 1
<"
( !
. ( ) ,
!
" !
+
(%0
# $%&$% (
!
)
# $%&$% ! -' #
# .
# . . F
.
.
)
+ ) !
#
# . /)*)*!*( (
-!
-'
+ ( /
" +
-
$
#
#
!
."
+
!6
."
!7
. 34+
!>
. 34+
!?
4
+ !
$
+ EA1+?0+E+20+ =
+ )
!G
+ # $%&$% ! -' #
!B
. (
!
) !
# .
# .
) ;
) .%
!
."
!
. 34+
! 6
. 34+
#
#
.
( /
#
#
.
+ !
# $%&$% ! -' #
! >
.
.
! ?
. 34+
$
+ ) !
# .
#
-!
#
$
.
-'
+ # $%&
%$%"" % * $ 0
+
12 1
( !
-'
+
.
5% ( ?) 3
-!
+
!
! 7
# +
# $%&
%$! (
6
pixfirewall(config)# no url-server (inside) host 10.0.P.3
, !
F)
(
! (
-
((
pixfirewall(config)# no filter url http 0 0 0 0 allow
# $%&$% ) 'G # $%&
%$! !6
= .
!7
=
!>
=
)
( /" !678 (
( G# $%&$% 5' #
9 )
.
G
)
%
. + #+ #
)
#
,
+
(
.+
: " +
+
.+ +
. 34+
!? !G
$
=
(
)
(
+!
)
(
+
!
" !
&
% ((
C
. )
&
#
!
" !
*
(
%
% *$ ""
#
# '&
%
#
# '& $ $
0 .
+
# '& * #"
% '
12 1 # %""
3, # "
$
'
.
■ ■
!
■ ■
"
■ ■ ■ ■ ■
#
$ %% &
'
!
!" $ # ""
! # # * #
%& $
# * %& $
+%
# $ $%! ' % ( ) %
%& $
$ , ## % ,%
# *
$
# *
$
# 0%
(
$
#
%"" % ,
#
# '&
&
&
+%
""
% ,% %& $
&
%
& $ &'$ ! "
/
$ ,
& $
-
'
%
$
&!!
# '&
&
'
%& $
!
% "
-. " '
%"" (
$
-
#
1 ,
%"" 02
%""
!
" !
,& ) %(
&$
"
% % ,
#
& $ +% & '
&$
%
& 1$
&%
& %
/
&$
+%
#
$ & %& $
& 1
%$%& $
&
" )
%
'
& 1
%$)
+%
& % ,
& 3 4& #
)
&,,
)
*
+
) "
(
(
"
( & %
,-) .
)
&
& $ /( 0
2 34
(
)
% /(
1
% )
% /(
56
%
% 2 34
1
$
)
% (3
)
( )7 7 %
8
% "
)8
) ) &
(9
.
(
)
" &
(
"
1(
%
) 7
8
7
" 8 %
&
&
) %%
%
&
:
(
&) %.
(
!
" !
$
%
1$% $ # 2 "
# 722
&
-
%"") %
%
) ,)
&
) % %
#
$
$6 $
)
6 " " (
$
,)
(
2 &
-
%"") %
%
)
$6 $
,)
6
( 5
9
& ;9
■
%
&
( % ) "
( )&
&
%
%
( ;9
■
(9
%
%
%
%(
)
%%
& &(
% % )
% %
&
%
%
<
=
% > %
=
<
=
> %
=
% =
% "
) %
=
% &
0 ■
"
.
%
= )
=
(
'
$
;9
()* +
?
& )&
%
%
&
%
( ( % .
& %
% )
%
<
=
% > %
=
<
=
> %
=
%
!
" !
=
% "
) %
=
%
%
= )
=
.
( @
%
%
(
% ?
% & % % &)
&
/
%
(
.
)
% $
"! ' !.
'
-
"
5 <
!
" !
6
78 <
/'' ! " 9* :- -$ -995 ' . =0
$
0
" "
" $
4
"
/''
.
0
9 # A /
,BC % % & (
(
*>+
( % &(
& %
0
)
/
0D
&
.
123
" '
.
. .
; 0
$ $
,
& 2$ &'$ 2$ & %
%( $
%
/
! %
4&
1
2$ & -
:&
6"
%":&
:!%
6"
%":!%
! %""
! ,
# &
%& $ % $ ; & $ &'$< $ %"" % , $ " %" & % % , !% , % !% , $ %& $ %
$
%
9
4& $ & !%
%"" # %
% , ,
& 8
% $&)
?
%
% %
( &
&
% %
% "
%%
* '
?
& ) & &
>
/ ) : /& % (
& &
%
%?
? &
& ? % )
43 ? %
4!
& +( $&
& 2 34 1 )
( %
!
" !
&!! 2
, >
&& 02 02
3 *
&& 0 0-
22
%%
&& 02 02
>>
@@
&& 0 0-
''
? ?
=
%
■
& &
<
%%
! *
4!
*
?4!
2 %
3
?
4
+
+
*2 3 4 + ! *
<
4!
<
" !
*
1+
1
<
!
*
?! +
<
■
%
<
#
<
E
*
?! + ?4!
$
+
?
%""% 1 ,
#
&
#
02 $
! (
%""%
1 +% ,
A
0
A
" . $
! ) !
#
&
%
% (
%
3?2 E
!
% &
&
3?2 E
(
( /
!9 !
(
#
2
# %
!8
G
% %
(
/
!5
(
F
%
9
&
(
(
/ (
F
(
% )
/
/ $
%(
( != !B
@
/
(*
/ % ) % )
% /
%
%(
$ /
&
(+ ( !
" !
/
0
$
! -
*
!A
(+
& (9
$
% (
% / (
& %
$
)
(
$ )
%
$
)& $
/ (
/
/ $
/
(
/
/
) / $)
%
3
/
&
/
& )
/ $
( &) &
(
/ %
$ )& 3
(
/
& (
/
3 ! 4 &
&
3
(
*
&
+( ) H
&
)
! 9 *
(+ % ? ! 4 E ) ( / (
" !
/
)
(
(
/
/
(
%
# &)
!
/ (
(
!
!
/
(
/
!
(
)
%
/ & / !
(
& !
/
$
3
(
B
C%
# '& % #
&$ % & & 2 >D & 3 * D
#
&
' E
E %
& F
-
%"" % %,, %""
#
& F %,, # 1 , 02 %,, & F %,, # 2 > 3 * G & F % G & ?& $ % $ %""
%
!
-
% 4
■
*
4 (
+
; &
&
! % ;! %
■
(
/
*!
1
+
( ; (
■
!
!
■
;
1
■
2 3 4 @ &; % !
( %% 2
( /
&( & /
0
(
! (
( ( / $
! 5
(
!
(
/
&
(
$ $
$ $
.
" C
.
$
.
$
$
$ 7
4
E
! 8
% ■
) ! 2 %
( E $
)
/
"
#
$
/ $)
;#
( !
" !
■
2
■
2
■
2
;2
&
;*3
%
(+ 2
2 34 I (
9
( (
1;2
& %
$ %
% ?%
! =
) %
■
/
; ,( %
E H /
$ %
!
" !
&
%
%
(
% / $)
% &( %(
&; )% %
%
% > %
%
H
?% &( %(
(
( !
/
1)
(
$
E E $ % )
■
! B
&2 3 4 )
%
)
/ %
$
( (
/
(
& !
)
&$
%
# '& % (
! ! /#
%"" D
#
'
! /#
#
# 'EH 2
>
%"" D
3 *
!
"
%'
&! %'
# 'EH %
# ,
#
$
! ! !"
4
#
# $
&
#
%'
%
&
%% (
9
"
( 1 1 %%
) )
&! %'
&
& &
'
&
2 34
&
)
,0 BJ0
( ,0 1 % ) (
)
2 34
(
) &
&
? ■
?
E9
■
?
2 34
0
$
1
$ " "" " $
" . -
$ $ "
.
!
$ ""
"
!
" !
0
'
$ "" "
" '
D
'
$
> ,
#
#
$
%
&
E F* @ %!
#
' &
> ,
> > $ $
&
%%
() '
()
&
*
+
'&
*
! "
' $
-
'
-
$
$
"
.
0 " !
$
0 $
" "
.
$
"
"
.
!
"
! $
!
$
!. $
"
-
D ?
.
" 0 ' ' " 0" " "
" !
D
'
-
' E F*
% ,
"
"
-
&
"
'
!
?
" $
$
"
' E F*
'
%%% +%
%%% %& $ ' ""
$
-
"
*
%%% "" %& $ % %%% % &
!
E F*
& #
!
$
> >
$
#
.
E F*
@
&
8
. $
0
.
$ . $ $
% " " " !
$ ,
" $ " " $ . $ '
$
D
%
F % " ! /#
%"" D & ( &
&$
# 'EH &
' & ( &
# * #
%& $
#
'
&
'
%## I%
& %
%
) %"" 2
% ,
#! $ !
"
%##
& ! ! ! & & ( & ! ! ! ! ! ! ! ! ! & ! ! ! ! ! ! ! ! ! ! ! ! & ! ! !** "++!"++!"++!"++ ! ! ! ! ! !
! ! !
&
$
( &
! ! !
& ! ! ! &
%)
&
$
& ( &
! ! ! 9
) (
%% &
)
% # (
% %% )
& &
)
(
.
)&
)
)
& % &
?
$&
) &
(
%% %
&( %)
%
&
&
)
( )
(9
&
)
.
&
%
&
)
% (
)
)
&
%% ( $ % 1
/(
/ 0
"&,
%& $
)
% )
$
%
/ "&, , ""
%
) 2 34 ) 2 34 (
.
-
"
/
.
$
!
"
"
$ "
) ,
&
/
1
'
&
%
%%%
$
%% ,
,
!
" !
)
*
,
,
,
+ *
)
,
,
,
+ '&
*
!
"&,
$
/ "&,
.
0
0
/ "&, 0
0
' ' ' & ,
&
$
"
%
! # !! $ !!
.
$
.
.
$
C
$
"
!
" !
$
$
"
$ ; ". "
" '
$
- $
.
"
-" - $ $ " * $ * ,, ,, ,, ,, $
'
'
"
" $ " *
'
<
$
.
$ "
<
"
.
$
"
$
;
.
4 .
$ "
' $ "
$
. $ * %
"
& ,
" .
$ $
$
""
-"
- $ $ " *
$
*
* $ ,, ,, ,, ,, $ %%%
,
7
,,
) )
!
K
!
%
0
4
' $
.
(
%
% (
(
(
"
/
!9
/-
02
% 7 GH5IJK L
< "
(
%
K (
&
* % " /
0
3 C
&!!"
"
/
- &
% %
&4
%
! % ; (
&
( -
#
■
$
$$
% %
;*
(+ K
% <
<
>
2 3
;K
%
'
% ) (
!
" !
0
'
" $
5
$ $ "
$
$
.
$
5
$
$
$
%
?
&! K
% ;
■
&
% 3
<
;
%
( ! ; ! 4 (
<
$ % %
3 & ( &
K$
4
.
■
0
' "
% (
+
IE ? .
I 2
;
$ " 0
( $
;
$
; ( ( F& (4
%
?
) 3
4 % 3 A
/;
(
( %
■
&
%
) 4 /
$ ■
$
.
A A
(
;K *
■
3
%
■
&
$ 3
;
(
* % "
3
%
0
'
' .
$
!
■
3
;
/
$
/ ;
(
0 $
■
%
!
'
$
&
(
(
/
%
&
& <
3 &
$
;
%
?
% (
)
% D-
)
)
&
( !
" !
$
?
%
<
$
;
/
/
$
%
% (
J( %
<
;
%
%
%
&( ■
2
%
% ; %
/
$
$
/%
-
)
/
% (
&
!
)
%
$
%
!
(
! ( &
@
%
)
/%
(
!
" !
&$
#
#
%
2
#0 2 " 722 2 %##
! 2 " $
) &$ % 2 722
! 2 "
)
&$
#
% #
% # $
%
'% %
'
' $
%""
&%"
5
) ,D5
E L )
)
.
.
(F I G
: &
)
,
■
)
&
)
)
.
( B
■
( ) %
)
& (
. )
)
%
& (
!
" !
$
B
J &%" 2 " &$ F/% !" &$ , 01234 5
%
'
&$
-"! ./! !+
, 01215
& % 6
7
&
5
6 88888888
7
&
%
&
&
%
'
&
-"! ./! !+ & % 6
&
6 88888888
0
&
&
&
8
&
?
:
( ( ) % 1
2 34
7
) (
)
%
8 %
(
& ( ) )
) %
%
% 7#
% 8%
(
!
" !
# '& % &$ ! /#
%"" D
# J &%" 2 " %
# 'EH
& #
%,, &
& , " %" %,,
'" &
$
&
& & , " $ %" %,, & ,, %""
'"
% & & & "
% & & $ -
, ,
& -"! ./! !* =
)
%
( ) & &
$
&
%
(
%%
& '&
* *
!
" !
$
! $
'
.
$
!
J &%" 722
#
1 %""K %& $
# 1$
#
, %
&%" 722 %& $ $ -
& , ,
% , $ %"
-
% " , , $ % # % &%" 1 %""
# %& $ % $ 1 4&
$
-
$
%"" # , ,1
%,
B
.
)
/
' .
&
(
% %
%
%
&
(
.
/ %
) %
' 42#
: /
.
) &
( '
)
)
)
/
:
(
42#
% &
)
& .
$ (
& ) E 7!
8
( M4
F
)
/ / /MM8
7F % &
.
% 7
AK (
%%
% % %
$
(4 %
& E
)
. 42#
/ F
E 8 E "
( ! E !
& % % %%
! AK
.
%)
0
& . $
(
(
' ) &
:
) (
" '
/'' /''
.
!
" !
# '& % &$ ! /#
%"" D
# J &%" 722 %
# 'EH
& #
%,, &
& , " , '" %" %,,
& & &
& %,,
& , " & ,,
$
& $
& $
"
% % -
%""
& -"! ./! !* A
& &
$
&
) & '&
* )
)
%%
+
/ *
! M
%
-
$ " &%" $ ! "" "" . $ 0 .
$ ' .
"
!
" !
$
%
&$
! /#
%"" D
%
#
# 'EH
&
9
# * #
"
%
'
" %
(
$ ,
%$'
:
4&
%& $
%
& &
(
&
4
)
%%
:
'
)
)
& (
%
( % &
&
%
( %
&
%
)
0
&
&
&
( :
%
%
%% &
(
&
%
%% (
?
%
:
% (
% % *
+
&
:
%% ?
: %
& : &
( %
%
(
/
%
)&
(
% $% % &
?
,0
$
)
) *
)
, *
%% ,
,
(
+ ,
+
!
" !
'&
*
!
%"
E ; $
% "
E ;
"
""
"
' " " "
$ ! '
!
" !
$
$
. $ $ '
""
;
. $
"
"
$
$
" ""
. $
!
$ %%%
,
7 &$ ! /#
%"" D
%
&
#
$% ' % 2
& &
6
$
6
9 (
%"
#
%
&
%"
)2
4&
% &
%" #
)
$:
""
%
& &
& & & &
%%
,
%& $
D
%## E
%
" '
%
% %
4
'
&
"& ) 2
*6 6 6* 6
(
& $
& %
B%
&
# 'EH
& &
$
(4
( ) %
)
/ %
%%
%
%%
" $
%
&
( & 1
: &
(
% ( & % )
& %
: & %
$
( %
)
( %
&)
%
) %
) $
/
% H
&
/ (
)
%
(
& % %
& &
(
%
%
&
( F& &) %
)&
% %
%
% % &
% %
%"
% &
/ /
%
&(
&
%
)
' %
%
(9
/
& %
% ( F &
& % (
>
%
%
% % $ %
)
&
& % ) %
% ) & % (
& % ,- %
&
!
" !
%
)
%
& % &
& %
%
"
0
%
& ,- %
)
( %
)
& )
% ( &
& %
"
&
F
)
(
& &%& $
/''
'
&
$
) )*
+*
,
%% & 1+
) ) '&
*
&%& $
!
F
6
. $ "
%
"&
E
. " %
!
" !
.
$
!
"
.
-
0
.
"
! -
" 0
"
!.
! .. ' 6 ( + F $
'
$
"
,
.
" $ F $
?
7 &$ ! /#
%"" D
&
$% '
%
$
!
# 'EH
%
9
# * #
$ !
# * # & &
$
' ! &
%' & #&"" %& $
# C , #%&"
;
"
$ &
$ '
%
:
%& $
%
'
$
$
&
#&""
% %
% , !%
& < & = &
& &
'
<
,!
!
%
%
%
%
7
;
$ %
&>
(
&
4
)# ) %
%% (
$ $
&
&
0
N
$ " !<
=0 <
$
)#
%? !
)# )
, *
2 ,
'
'
"
)# *
)
(
%,
&
.
%
%% ,
2
+ ,
+
)# )# '&
%
*
!
$ $
!
!
!
' .
! :
"
!
:
-
' " $
. ;
'
" "
.
$
%,
O " +
@
'
"
! " ('
$
= ;
!
= " -
" !
&$
+%
# '& % "
F % " ! /#
%"" D
&$
)
& ( &
%##
# %& $
%$:
& %
"" 2
'
& & ( &
'
4&
I% )
+%
# 'EH
&
# * #
(
'
%& $
#! $ !
+%
"
%##
&
) & ! ! ! ! ! ! & ) & ! ! !** "++!"++!"++!"++ ! ! ! ! ! !
& ( &
! ! !
& ( &
! ! !
"
1
% 0
( '
&
E F*
$
)
)
3 )
3
6
%%
, 3
*
, ,
, ,
,
+ *
)
3
*
,
,
,
++ '& "&,
!
" !
* ' %
$
! ; ! # !! $ !! " $ 6 " $ %%% %& $ "" $$ ; 6
6
*
%
B
/ "&,
.
6 -
0
0 $
& ,
&
6 "
. .
"
6
4 . "
. $
.
"
$
$
" $ " *
; ". "
$ " ' "
<
$ 6
C
- $
.
$
-" - $ $ " *
$
*
"
%
"
-" - $ $ " * $ * ,, ,, ,, ,, $
'
<
$ "
$
& , .
$
$
* $ ,, ,, ,, ,, $
!
" !
&$
+% 3&" ! #
""
"
4
"
F
"
'
""
""
F
%""
% "
@ %
"% (
"
"
" (
."
%,,
" (
." D E
&" $
#
$ ,
5
%
" )
!
%
A
!
4
!
(
A
&
%
!9
( %%
(
(
4 %
%%
)
4 1(
(
!5 !8
K
!=
#
!B
4
)
" !
)
)
(
/( 4 /%
!A
!
/!
% %
)
5 )
( /%
$
67
(
%
&$
+%
3&" !
"
"" ' # 7
"
4
"
F
"
""
""
F
%""
% "
F
%""
% " ,
"
%
$
F
" (
."
%,,
" (
." D E
&" $
#
$ ,
8
%
" )
!
4
(
A
&
%
!9
( %%
4 %
%%
)
4 1(
( K
) %
!=
)
)
(
)
"
(4
% *
!B !A
%
(
(
!5 !8
%
A
!
!
/!
4
4 /%
+ % %
)
4 1( )
/%
67
(
!
" !
&$ ! /#
%"" D
) '
:
&
!
&
!
#0 2 " 722 2 %##
2
# 'EH
& & ( & # %& $
+% & I!
")
'
&
( &
'
"L!
! D8E &,! D =E
!D E
$
D!
" HE
) #
'" !
#
?
# !
D ' 59E !
% ' D '
%'
! DB I
$
4&
!
"
$
&
,#
! ! !
! ! !
! ! !
! ! !
! ! !
! ! !
! ! !
! ! !
! ! !
5 E I
$
$% 2
!
D%"" !
E
!" E *
& ) ! ! ! & ) ! ! ! & ) ! ! !
?
&
&
?
( &
&
?*
& ( &
&
% ?/
& ( &
=
&
$
)
)
3 )
3
?
)
, 3
*
)
.
,
%%
,
,
,
,
+ *
)
3
*
,
,
,
++ '&
*
"&,
!
' *
; 6 " %%% %& $
$$ / "&,
.
6 -
0
&
& ,
!
" !
$
"
6 "
$
$ $ 6 $ "
. $
$ 4 .
.
""
;
$
. "
%
0
& , .
6
6
"
.
$
%%
'&
*
! $
" $ " *
; ". "
$ " ' "
<
$ 6
C
- $
.
-" - $ $ " * $ * ,, ,, ,, ,, $
'
$
%
-" - $ $ " *
$
*
" <
"
$
* $ ,, ,, ,, ,, $
!
" !
& $ +% #0 722 2 %##
2 "
"
4
"
F
"
2 02
""
""
F
%""
% "
@ %
"% (
"
"
" (
."
%,,
" (
." D E
&" $
#
$ ,
B
% )
" )
!
/!
%
A
!
4
(
&
%
!9 !
? A
( %%
(
(
4 %
%%
)
4 1(
(
!5
K
!8
% %
!=
#
!B
4
" !
* %
+(
/( 4 /%
!A
!
)
.
% %
)
5 )
( /%
$
67
(
%,
&
'
# '& % %
)
)
(
F % " ! /#
%"" D
&
( &
& ( & %##
%$#
& ( &
) "" 2
'
&
'
4&
I% & %
'
# 'EH
&
# * #
&
%
#! $ !
&
'
"
%##
& & ! ! ! ! ! ! & & ! ! !** "++!"++!"++!"++ ! ! !
! ! !
& ( &
$
! ! !
$ ! ! !
9
&
$
%% ,
,
,
,
,
,
* '& "&,
+ * ' %
/ "&,
! $ " ! # !! $ !! " $ ' $ *F P $ " . " 0
%>
0
.
! *
!
0 $ "
.
!
6 '
" %
'
$
! / "&, $ " /
$
!
$ "
$
!
" !
'&
*
!
& , . &
6 "
. "
"
" $ " * Q $ 6
C
$
" <
" !
$
"
" - $
.
-" - $ $ " * $ * ,, ,, ,, ,, $
'
'
; ". $ "
'
<
.
"
$
$
!
6
4 .
"
$
$
& , .
.
-" - $ $ " *
""
$
*
* $ ,, ,, ,, ,, $
$
%%%
%?
7 #
%
J
&
' 02
9
% )
"
?
)
. )
!
/7
& 1(
2
&
( !
%@
4
2
)
/0
%6
&
(
!
" !
& 2 ! /#
%"" D
# 'EH
& & ( & # %
&
':
I! ")
( &
"L!
! D8E &,! D =E
'" !
$
D ' 59E !
# !
& ( &
&
D!
" HE
)
#
! ! !
'
'
& ! & !
' #0 2 " 722 2 %##
&
! ! ! ! ! !
,#
% ' D '
!
"
! ! ! ! ! !
$
5 E $% 2
& ! ! ! & ! ! !
!
D%"" !
E
*
&
&
?+*
& ! ! !
&
?+@
( &
9
&
$
?
)
,
)
, ,
) /
.
%%
,
&
,
, /
/
* '&
+ *
"&,
' %
/ "&,
! $ " ! # !! $ !! " $ ' $ *F L $ " . " 0
0
.
&
& ,
!
" !
$
"
'
! / "&, $ " 0
$ 6 "
$ "
$
. $
$ 4 .
.
%
$
6 '
. "
"
!
!
& , .
*
0 $ "
.
6
"
.
$
%B
'&
*
! $
" $ " *
; ". "
$ " '
$ 6
"
<
C
- $
.
-" - $ $ " * $ * ,, ,, ,, ,, $
'
$
<
-" - $ $ " *
""
$
*
"
'
"
$
* $ ,, ,, ,, ,, $ %%%
!
" !
2
& "
$
' $
# '& % &
(
% , ! /#
%"" D
! /#
%"" D
# 'EH # 'EH
9 &
'
&
)
'
&
! ! !" &
$
& &
& ( &
)
! ! !
& ( &
&
$
& ( &
! ! !
! ! !
! ! !
# $
%
! ! !
! ! !
! ! !
:
&
! ! !
! ! !
! ! !
+
! ! !
! ! !
9
& )
# )
$ #
&
#
& &
* '&
)
*
/ /
)
?
&
)
%%
+ ' / ,
() )
3
/ ,
+ *
! "
' $
$
$
'
-
'
"
" !
$
$
'
!
?
'
.
D "
" - !.
-
D ?
. "
$
"
'
-
!
"
"
.
.
E F* $
"
"
'&
*
!
&
" $
. $ $ % %& $
%
%& $
+%
F $
$ "
F
'
" '
' (
' " 0" " " ! !
D "
F ;
0
"
6 &
$
,
E F*
%
"
6
"
6
$ $
+'
*
$
""
!
"" %%%
" !
% , D ! /#
%"" D
# 'EH
& ! /#
%
%"" D
% & & &
9
%
'
# 'EH
&
'
! /#
% % %
& &
%
& &
*6
6
'
:
< (
&
&
(
9
% &>
;
:
# 'EH
&
< %
&
;
%"" D
& &
% % %
%
E
& & & & & 6* 6
&
$
& & &
-"! ./! !" -"! ./! !" 95
&
$ %%
& )
)
)#
)#
N
)
,
) ) ,
2
&
N)
'&
O
,
O *
!
!
F
%
!
F F
& &%& $
" !
)
)
)
!
))
! " "
$ $
"
F
"
$
$ !
F
/''
$
"
F
'
$
$
%
@% ) 1 ,
# '& %"" 02
$ '
%
& #
& $
&
(
$
&
%
/ !
■
( (
■ ■
&
( (
■
(
■
(
■ ■
G
( %
■ ■ ■
"
%
(
( (
!
" !
J &%" & $
&
%
(
@% J &%" IN & ! , & "" % ( I 55 55 55
= 9 5
C% ( 1 L 2 L2 2
&
A
-
8B =
%""
8
1
9
, *?M L 2
&, ( % 9=
!
" !
$
,
2% ( )
%""
&
#
1 ,
02
%
& &
!
&
!
)
&
%
■
3?2 E)
!
<
%
%
3?2 E
( $
%
%
( %
&
%
&
(
/
<
!
( %
■
&
)
% ?
<
( $
%
%
<
87
/
( 9
:
( /
! !9
2
!
2
50
#
%
(
/
/ %
F
9
!=
F /
(
(
G
3 /
& )
#
( ) 3
%
%
1 /
(
K 3
%
%
■
& ( !
0
■
%6 '
/
(
5*
+
;<:<:5:;
■ ■
!
■
1
*
;<:<:5:= 2 34 / &
M
%
1
+
/
!B
% (
4 (
!8
(
(
& !5
%
( $
!A
%
&
(
/
( !
G E
& (
" # /
$
& (
!
>
!
" !
/
!
G
!
(
&
&
■
9 )
■
9 )
0
F
%
1C
E
" $
/
! 9
3
(
2
!
!
% %&
% "
/>
)
&
(
2% ( ) ,, %
$
&
*% % %
% &
! &
!
/-
%
4
&
!
/
!9
(
(
.
%
A
!
&
( (
&
%
( /%
!5
( 4
2% ( 9) ,
%
# %
(
% ,
%
"
& E9
!
1
pixfirewall(config)# aaa-server MYTACACS protocol tacacs+
&
!
/ &
/ &(
pixfirewall(config)# aaa-server MYTACACS (inside) host 10.0.P.3 secretkey
G
!9
&&
pixfirewall(config)# show aaa-server
aaa-server MYTACACS protocol tacacs+
aaa-server MYTACACS (inside) host 10.0.P.3 secretkey timeout 5
aaa-server RADIUS protocol radius
*
!
" !
M
%
)
PM
%
$
M&
% +
+
?
2% ( )
# '&
% ,2
& , &$
%
% :
!
pixfirewall(config)# aaa authentication include any inbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 TACACS+
!
G
&&
pixfirewall(config)# show aaa authentication
aaa authentication include any inbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 TACACS+
!9
K
%
pixfirewall(config)# logging console debug
0
!
9
$ "
..
!
" O "
%
$ "
( )
..
M
&
' 3EQ
http://192.168.Q.11
*
M
%
+ %
!5
(
& )
%
&
)&
109001: Auth start for user '???' from 192.168.Q.10/1726 to 10.0.P.2/80
109011: Authen Session Start: user 'aaauser', sid 0
109005: Authentication succeeded for user 'aaauser' from 10.0.P.2/80 to 192.168.Q.10/1921 on interface outside
302001: Built outbound TCP connection 3928 for faddr 192.168.Q.10/1921 gaddr 192.168.P.10/80 laddr 10.0.P.3/80 (aaauser)
* !8
M
%
) &
M
% &
+ )
&&
pixfirewall(config)# show uauth
                        Current    Most Seen
Authenticated Users       1          1
Authen In Progress        0          1
user 'pixuser' at 192.168.Q.10, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
@
!
" !
2% ( 5)
# '&
% ,2
&
& , &$
%
% :
!
pixfirewall(config)# aaa authentication include any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
G
!
&&
pixfirewall(config)# show aaa authentication
aaa authentication include any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
aaa authentication include any inbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
%&
!9
!
C:\> ftp 172.30.1.50
Connected to 172.30.1.50
220-FTP authentication :
220
User (172.30.1.50:(none)): aaauser@ftpuser
331-Password:
331
Password: aaapass@ftppass
230-220 172.30.1.50 FTP server ready.
331-Password required for ftpuser
230-User ftpuser logged in.
230
ftp>
&
)&
109001: Auth start for user '???' from 10.0.P.3/1726 to 172.30.1.50/21
109011: Authen Session Start: user 'aaauser', sid 11
109005: Authentication succeeded for user 'aaauser' from 10.0.P.3/1726 to 172.30.1.50/21 on interface inside
302001: Built outbound TCP connection 3928 for faddr 172.30.1.50/21 gaddr 192.168.P.10/1726 laddr 10.0.P.3/1726 (aaauser)
* 3
!
M
%
+
&
pixfirewall(config)# show uauth Current Most Seen Authenticated Users 1 1 Authen In Progress 0 1 user 'pixuser' at 10.0.P.2, authenticated * M & absolute timeout: 0:05:00 inactivity timeout: 0:00:00
%
!5
pixfirewall(config)# clear uauth pixfirewall(config)# show uauth Current Authenticated Users 0 !
% +
" !
Most Seen 1 $
B
Authen In Progress
0
$ "
0
..
1
!
" OF/ $ "
(
!8
..
M
&
42# http://172.30.1.50
%
!=
&
%
)
User Name: aaauser Password: aaauser
!B
3
&
pixfirewall(config)# show uauth
                        Current    Most Seen
Authenticated Users       1          1
Authen In Progress        0          1
user 'pixuser' at 10.0.P.2, authenticated
   absolute   timeout: 0:05:00
   inactivity timeout: 0:00:00
*
2% ( 8)
M
# '&
%
+
% ,2
"
&$
%
% :
!
pixfirewall(config)# aaa authentication telnet console MYTACACS
!
G
&&
pixfirewall(config)# show aaa authentication
aaa authentication include any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
aaa authentication include any inbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
aaa authentication include any any 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
!9 pixfirewall(config)# telnet 10.0.P.1 255.255.255.0 inside
* !
G
M
%
+
&&
pixfirewall(config)# show telnet
10.0.P.1 255.255.255.0 inside
* !5
M
%
+
% pixfirewall(config)# clear uauth
,
!
" !
pixfirewall(config)# show uauth
                        Current    Most Seen
Authenticated Users       0          1
Authen In Progress        0          1
!8 C:\> telnet 10.0.P.1
PIX passwd: cisco
Welcome to the PIX firewall
Copyright (c) 1996-1999 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Username: aaauser
Password: aaapass
Type help or '?' for a list of available commands.
pixfirewall>
*
M
%
+
&
)&
307002: Permitted Telnet login session from 10.0.P.3
111006: Console Login from aaauser at console
*
2% ( =)
M
# '&
%
+
% ,2
J &%" 2 "
&$
%
% ! pixfirewall(config)# virtual telnet 192.168.P.5
*
!
" !
M
%
)
PM
%
$
+
,
!
G
&
pixfirewall(config)# show virtual telnet
virtual telnet 192.168.P.5
*
M
%
+
%
!9
pixfirewall(config)# clear uauth
pixfirewall(config)# show uauth
                        Current    Most Seen
Authenticated Users       0          1
Authen In Progress        0          1
%&
!
!
C:\> telnet 192.168.P.5
LOGIN Authentication
Username: aaauser
Password: aaapass
Authentication Successful
* 0
M
%
$ "
+
..
!
&
!5
" O "
(
$ "
..
M
&
42# http://172.30.1.50
9
%
(
%
!8
pixfirewall(config)# clear uauth pixfirewall(config)# show uauth Current Authenticated Users 0 Authen In Progress 0
0
!=
$ "
..
Most Seen 1 1
!
&
"
"
$ "
..
(
M
&
42# http://172.30.1.50
%
!B
)
%
( ,
!
" !
2% ( B) $% ' % , 2 !
&$
%
2
%
%
G
!
& % , %
%
pixfirewall(config)# show timeout uauth
timeout uauth 0:05:00 absolute uauth 0:00:00 inactivity
%
!
D
pixfirewall(config)# timeout uauth 3 absolute
& %
!9
D- %
pixfirewall(config)# timeout uauth 0:30 inactivity
G
!
&
%
pixfirewall(config)# show timeout uauth
timeout uauth 3:00:00 absolute uauth 0:30:00 inactivity
G
!5
%
pixfirewall(config)# show auth-prompt
!
& ( %
!8
pixfirewall(config)# auth-prompt prompt Please Authenticate to the Firewall
%
!=
&
pixfirewall(config)# auth-prompt accept You've been Authenticated
%
!B
pixfirewall(config)# auth-prompt reject Authentication Failed, Try Again
G
!A
&
%
pixfirewall(config)# show auth-prompt
auth-prompt prompt Please Authenticate to the Firewall
auth-prompt accept You've been Authenticated
auth-prompt reject Authentication Failed, Try Again
%
!
pixfirewall(config)# clear uauth
pixfirewall(config)# show uauth
                        Current    Most Seen
Authenticated Users       0          1
Authen In Progress        0          1
&
!
%&
!
%
(
)
C:\> telnet 192.168.P.5
LOGIN Authentication
Please Authenticate to the Firewall
!
" !
$
,%
Username: wronguser
Password: wrongpass
Authentication Failed, Try Again
LOGIN Authentication
Please Authenticate to the Firewall
Username: aaauser
Password: aaapass
You've been Authenticated
Authentication Successful
*
M
2% ( A)
%
# '&
+
% ,2
&$
+%
%
" :
!
"
pixfirewall(config)# aaa authorization include ftp outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
:
!
"
E
pixfirewall(config)# aaa authorization include icmp/8 outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
!9
G
&&
pixfirewall(config)# show aaa authorization
aaa authorization include ftp outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
aaa authorization include 1/8 outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
E K
!
2 :
%&
!
C:\> ping 172.30.1.50
Pinging 172.30.1.50 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
&
)&
109001: Auth start for user 'aaauser' from 10.0.P.3/0 to 172.30.0.50/0
109008: Authorization denied for user 'aaauser' from 10.0.P.2/0 to 172.30.0.50/0 on interface inside
* !5
M
%
+
"
%&
!
C:\> ftp 172.30.1.50 Connected to 172.30.1.50 220-FTP authentication : 220 ,
!
" !
User (172.30.1.50:(none)): aaauser@ftpuser
331-Password:
331
Password: aaapass@ftppass
530
530-Authorization Denied
530
Error: Connection closed by foreign host.
&
)&
109001: Auth start for user '???' from 10.0.P.3/1364 to 172.30.1.50/21
109011: Authen Session Start: user 'aaauser', sid 5
109005: Authentication succeeded for user 'aaauser' from 10.0.P.3/1364 to 172.30.1.50/21 on interface inside
109008: Authorization denied for user 'aaauser' from 10.0.P.3/1364 to 172.30.1.50/21 on interface inside
*
M
%
/!
!8
+
%
A '
!=
G
!B
■
& &
(
(
%
A
&
?
%
(
/%
(
( !
4
■ ■
A
4
/
!A
!
';
(
%
A
&
A / $(
!
/
!
K
!
! 9 K
! 5
/
! B K ! A
%%
(
%% %%
%
" !
%
(
(
(
A
A
& &
/
?
;.C
%%
5
( %%
(
/ $( (
4
%
(
67
( A
!
(
(
A
/%
!
/ $
%
! 8 ! =
?
;@A:=<:;:B< /% %
!
&
(
% $
( ,,
"
!
%&
!
C:\> ftp 172.30.1.50
Connected to 172.30.1.50
220-FTP authentication :
220
User (172.30.1.50:(none)): aaauser@ftpuser
331-Password:
331
Password: aaapass@ftppass
230-220 172.30.1.50 FTP server ready.
331-Password required for ftpuser
230-User ftpuser logged in.
230
ftp>
&
)&
109001: Auth start for user '???' from 10.0.P.3/1726 to 172.30.1.50/21
109011: Authen Session Start: user 'aaauser', sid 11
109005: Authentication succeeded for user 'aaauser' from 10.0.P.3/1726 to 172.30.1.50/21 on interface inside
109011: Authen Session Start: user 'aaauser', sid 11
109007: Authorization permitted for user 'aaauser' from 10.0.P.3/1726 to 172.30.1.50/21 on interface inside
302001: Built outbound TCP connection 3928 for faddr 172.30.1.50/21 gaddr 192.168.P.10/1726 laddr 10.0.P.3/1726 (aaauser)
* !
M
%
E K
2 :
+
%&
!
C:\> ping 172.30.1.50
Pinging 172.30.1.50 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 172.30.1.50: bytes=32 time<10ms TTL=128
Reply from 172.30.1.50: bytes=32 time<10ms TTL=128
&
)&
109001: Auth start for user 'aaauser' from 10.0.P.3/0 to 172.30.1.50/0
109011: Authen Session Start: user 'aaauser', sid 1
109007: Authorization permitted for user 'aaauser' from 10.0.P.2/0 to 172.30.1.50/0 on interface inside
*
2% (
M
)
# '&
%
+
% ,2
&
'
% ! pixfirewall(config)# aaa accounting include any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
!
,>
G
&&
!
" !
pixfirewall(config)# show aaa accounting
aaa accounting include any outbound 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 MYTACACS
%
!9
pixfirewall(config)# clear uauth
pixfirewall(config)# show uauth
                        Current    Most Seen
Authenticated Users       0          1
Authen In Progress        0          1
%&
!
!
C:\> ftp 172.30.1.50
Connected to 172.30.1.50
220-FTP authentication :
220
User (172.30.1.50:(none)): aaauser@ftpuser
331-Password:
331
Password: aaapass@ftppass
230-220 172.30.1.50 FTP server ready.
331-Password required for ftpuser
230-User ftpuser logged in.
230
ftp>
G
!5
( 2
!8 !=
) &
/
0
%6
/
0
%6
/7
& 1
( /( & : &
/
(
9 !!
0
""#" # $
$ "
%
"!&!& &
..
'
!
(
!B
"!&!& &"
" OF/ $ "
..
%
M
&
42# http://172.30.1.50
%
!A
& )
%
( /
!
!
" !
0
%6
/(
$
,?
/
!
0
%6
& : &
/
(
9 *%
2 0%
!
P ?P
7 >7%,
P ?P
7 >7%,
P ?P
7 >7%
P ?P
7 >7%
P ?P
7 >7%
P ?P
7 >7%
P ?P
7 >7%
P ?P
7 >7%
P ?P
7 >7%%
P ?P
7 >7%
P ?P
7 >7 B
P ?P
7
3
P &! 0%
%""
,
0 "%'
,
0 % ,,
F $ ) F $ )
F ) F ) F ) F ) F ) F ) F ) F ) F ) F )
7 ,
$ $ $ $ $ $ $ $ $ $
&
$
%%
(
pixfirewall(config)# clear aaa
! 9 pixfirewall(config)# no logging console debug
,@
!
" !
&
% %%
"
&
(
& #
&$ % $ & % , % ,% &
# 2$
-
& 2
% &% '
%"" &!!
%& $
%$+% &,,
%$$ # ""
'
!
" )
$2 "
2
722
>
& 3 * # $ #
%& $ %""
% ,
& 2$ &'$ / $ %"" %#
# # #
% -
%""% 1 , # '& %
% , 02 #
$ " ' %"" %& $ % ' # '& %
&
# $ $
-
$ &'$ &
%"" 9A
!
" !
$
,B
■
!"
■ ■
#
$ %
■ ■ ■
& ! ' $$ %
(
! ! #
!" $ # ""
# *
$
# *
# '&
+#
$
# * # # 2%
# '& + %""
4.
+! &
""
% "
" $% +" ' ,
%""- $% +"
$ % + /012
3&! !
$
+ % %!!" %
&
$ $ +%!
&"
%+ %
&
.
%##
.
# *
)
# $ $%! ' % ( )
$ $ $ % + /012
#
!"
&"
, "
%"" $% +"
% +56 6 % +
# '&
3&! !
"
4.
% +56 6
"
$ % % ( '&% +
$
!
,
" !
+ %
+
" *
+
,*
-&
2 #
+#
+ % + 5% +" '
! !&"% !
#
( 2 ' +
% %
( 8 %
+
"
! &
( " '
& " %
( (
! "
%
%
!
"
%
.
"
%
!% (
%
'
+
' %
$
#
%
( "% %!!" %
"
%++
) #
%""
+ % !% (
#!
'
#
% +! %++ $ &'$ $ # #
% #
&
%++
! !% ( % 9& + $ !
% + "
2 . !
+ %++ + ( "%
$
"
%!!" %
' +# %"" $% % + + $ # "" '%
(
$
)
+ % !% (
%"
& %!!" %
&
7
%$ %
!
) $
*
%
$
$
$
). $ '
( *
! $
$ $$
)
%*
-&12
* % $ )
*
* !
3
■
5
■
5
■
!
" !
%
!%
%
■
* )/0/*
%
2
+2 + $
$
4
%&
'
,4
,4 $
$
6
7 !
) $
!
!
3 ( %4 4 % !
)
)
!
" !
% +% + < + # .
%$(
"
"
"
% + =.
( #
.
% + >
% + +% % =. >
&
*% % !
& +
(
!
% +
*% % !
! :
! % & + +% % $% "
+& # #
% + !
& +
;
( # & & + %## %"" ! %" $% +" ' 9& ( # & & + %"" + ! & & + $% "
+ +
*% %
%## ! % +& # +% %
$
$$
)8 $ $$
* 09 3
8 4
) $
4 )
*
)
3
$
0:
4
3
)
) ;
3 $
%
0:
!
* $
)
!
'
% !%
) *
!
$
!
■
8 !
<
3
*
$ $
%
)
) !
■
'
<
! $
! 3
* %
*
!
$ '
<
!
!
* $
$
)
%
*
%
$
)
)
!
" !
$
%&
% # .
#
%$< +
"
"
(
"
% + =. >
(
"
% + +% % =. >
&
% +
*% % ! 7@
& +
( # & & + %## %"" ! %" $% +" ' 9&
+ +
% +
% +
!
!
*% % !
: % %
( # & & + %## %"" + ! & # +% % $% " #
.
A ;
7@
& +! *% %
& + (
!
%$& +!
#
+% %
" ?
$
$$ $ %) 8
3 ) $! $
4
)
$$
*! $
* * )
4
) ;
!
$$
%
*
%
'
*
)
!
$
!
■ <
3 $
! !
$
* $$
) !
<
% ! $
$
%
* $
%
)
) !
■
'
<
3
!%
! *
!
$ !%
* %
)
)
*
!
" !
. ! 3#
3
%"" =
# * #
# '& %
# '>C
!
(
#
( *
%
#
.
* #%&" D
2 .
( 0 ' # E$
!
%""
!% (
!% " %+
%
.
+&
#
% + = $
. * . " '
% " +>
+ % " +
(
&
& +
(
&
& + !%
% +% + .
""
(
.
""
( #
% +% + .
""
( #
(
& +
(
& + !%
.
""
3!" +&
" + %""
+
3
(
B
;%
*
09
)
%
09* % $$ ) $$ $2
■
%
■
=% $
%
■
&
$$
5
+
$
%
!
$$
,
! )
! ■
!
■
!
% % '
■
$$
* !
%
!
% '
■
!
%
5
$$
% $
$ 09 !
)
!
" !
$
%&
+
%
'
'& F
,
$$
* G
! -
.
!
" !
4 # .
$% (
"
"
"
% + =. >
( #
$ "" % +
% + % +% + =. >
&
& +
(
! & +! # % +% + & !&
#
7@
7
: 4 9&
& + ( # & & + %## %"" ! %" $% +" ' 9& ( # & & + %## %"" + ! & # % +% +
+ + % +% + 8
& !&
& +! & !& :
> $
+
,
$$
)8 $
* ?9@
4
) )
*
!
$
!
■
8
<
$
%
$ !
$
* )
) !
■
'
<
! $
! 3
* %
*
!
$
) '
<
!
!
* $
$
%
*
%
$ $
!
" !
)
)
$
%&
/
4 $ ! 3#
%"" =
# * # ( *
3&!
# '& %
# '>C
!
#
%
%""
$
* #%&" D
!
!
#
$
7
% +% +
# #+ % " + (
&
(
& + & +
$ $
"" ""
( ( #
+&
3
@
;%
*
?9@ ?9@* %
>
>
)
$$
% >
) $$
% $
> 5
%
> $
$$ >
)
! )
$$
! !
■
>
! '
■
%
>
%
5
$$
!
% $
$ ?9@
) %
'
'& F
$$
* G
! -
0
!
" !
/012 "
#
%"" "" (
$
# % #
% $
% % $
$ &
" ! ' %
$ ! $ "
& +
6
( # & & + %## %"" ! %" $% +" ' 9& ( # & & + %## %"" + ! & # + + $% #
: .
+ +
& +! "
.
.
! +
-&12
4 9& 4 + D
& + (
) 6
). % +
)
4 9&
!
! %
& +! # + $% "
% *
$
$$
)8 $
$$ % -&12
*
4
9?09
) )
! -&12
*
)
!
$
!
■
! !
<
3
$
* $
!
<
% $
% !
)
*
) !
■ <
!
" !
'
! !
-&12
* )
$
%&
/012 ! 3#
%"" =
# * #
3&!
# '>C
!
#
(
#
2 .
/012
( *
%
%""
(
!
!% " %+
.
!
+
2
!" %
&
+ "
+
%!!" %
% "
&
!
??
#+ % " + (
&
(
;% %
* #%&" D
!% (
$ + #%&" ! #
#
# '& %
& + /012 & + /012
%""
+ #
+ %""
+
*
3!"
" + %""
+
9?09 -&12
9?09* %
-&12 $
)
$$ )
-&12
$$ -&12 $2
■ ■
=% $
5
% $
! !
■
-&12 $$ -&12 *
-&12 '
!
■
% ! )
$$ %
!
%
-&12
%
5
$$
9?09 ! %
$ $
) '
'& F
%
$$
* G
! -
1234
!
" !
<&"
+ % &!! *
$ $
$
$ $
* )/0/ )
E$ <&" # <&"
%$+
%
!
( .% 9& & . % +' ! * . (
$ &
% ! % ++
,
%""
( * "
%
&
&!!
.
'
* 9&
# %
%"" ! +& # +%
&" (
%
+ % %!!" % & 9& %
(
# .$
+%
&" $ & 2 .
% + & +%
++ %" * . $ '$ ! % ! +
$
6
#
$ * ).
%
$
3 $
*
!
$ $ ' $ ■
$ % *$ %
% $ $
%) $ $ !
$
>
$ %
3 $
5= $
A9A: 5
■
# AB@D)
$
$
$
% $ %
AB@C
%
*
*
AB@D) 5=
$
$
* % $
$ $ * 3 ' $ $ 2 %
5=
%
)6 *
BCA:
3
$ AB@D
>
)
#
$ 5=
)
A:A:) $ 5=
% 3
5
5= *
$ 2
) 2 $ $
$
)# % % )&
$
$ $
$
!
" %
) !
" !
$
%&
'
4 %" . # 4 %" . + "
%
%&+
% + "
!
(
. *
# .%
( 4 %" .
. 9& $% +" '
"
#
(
.% ! " =4. >
(
*
+ %!!" % H.I
!!" /& (.
7
(
# 4 %" "%
"
# 4 %"
" " =4.
+ + %" %""
# 4 %" &+
+ $% ( 4 %" .
" ! #
( 4 %"2
( 4 %" *% % . % ! " =4*.>
(
&!!
!
#
"
# 4.
% +
%$!
+
'
# 4*. <&" % &!! +
>
+
7
>
4 $ $
$ !% $ %
$ ??@*
+> $ $ 5= %
%
,
4 $ )
)> % 5= ) >
) 5=
% 4
0/0B
3
%
*
$
) 5= $
$ %
■
>
4 $
+>
,
■
>
=
+>= ,
5= $ ■
>
■
5= >
$ %
4 $
>
4
%$
+>
,
)
$
% );
* 3
)
* $ !%
%
)
!
" !
> E F
■
-
■ ■
2
!
" !
!%
>
$ @
2
<
>
<
>
<
>
%
05. 6
$
%&
% +% + 4. < + # .$
%$(
#
"
" "
=.
>
( 4. +% % =
!" 3 * >
( 4.
=+&!" 3
& (
!
* >
& +
7
! & +! # +% % % + 4. !
#
4. % "
& + ( # & & + %## ! %" $% +" '
%"" + 9& +
( # & & + %## %"" + ! & # 4. % + 4.
>
$
: .
)
"
B
?
&! ! D !H% !H&+! J! D6 ?6 B J! D
* ) 4. *% %
& +!
* ) 4.
4 !
*
!% > G
■
6 6
$
) ■
>
G $ > %
% ( ■
> %
G=
, 5= $ $!
' +! $
H )
'+
>
$
$
) )
, 5= %
$ $
'
>
) >
$
>
*
!
$ !
■
$
<
*
$
>
%
!
>
$
) !
■
'
<
!
5=
! $
> %
*
*
3
$ ) '
<
! $
!
> $
%
*
*
%
$
)
*
!
" !
4 %"2 # .$
%$(
#
"
" "
=.
(
* +% % =
(
*
&
& +
( (
#
!" 3 * >
& + %## & +! #
# & ! !
>
!" 3 * > +=
# &
( K 4*. < +
%"" + * +% %
& + %## & +! # & & +!
!
7
: .
%"" + * +% % % + * +
%
! "
)
"
D3 J! J!
&! %" + H&+! D6 B D
6
B
& + ( (
# &
& + %## & +! #
%""
+ +
*
# & & + %## ! & & +! # % + ! & +!
!
* ) *% %
%"" + * +% % * +
* )4
+
?
>
2
( >= $
*
!% >
G
■
$
) ■
5=
G $ %
■
5= 3 >
G $
'+ 5=
, 5= $ $
'+
$ )
, 5= )
2 $
( >= $
>
*
!
!
■
!
<
5=
$
%
*
$ $ $ !
<
$ $
*
" !
5=
% $
$
* % ! $ %
$ 5=
!
!
)
5=
5=
* %
!
)
$
%&
+
!
■
'
<
! $
% '
<
! $ $
,
! $
5= !
> % 5=
$
!
> $ 5=
% *
*
*
%
) *
* 5=
%)
!
" !
4. ! 3#
3&!
%"" =
# * #
# '>C
!
#
4.
( 2 4.
# 3&!
( 4. %
%
(
# '& %
+ !
% " + %""
+ #%&" 4
!
6 ?!
*
. % + +&%" 2 . %
%
&
"
&!!
7 9&
+
$ 4.
+
# #+ % " + (
*
( .
%
!
+
%
+ %""
%
!
+
%
%""
+ + =.
&"
%!!" >
!
B
;%
*
%
!
> > $$
??@*
) *
)
$$ > 5
% $
5=
>
$
$$
!
>
)
!
!
>
$$ %
F
%
'
'&
" !
!
)
5
!
$$
* %
% )
)
$$
* G
$ $
! -
0.
$
%&
/
56 6 # 4 %"
&" &
!
#
+% + "
% .
% + # %
* L %""M
" % +
( 5
( 56 6
%" '"
#
&!! (
# 56 6!
4 '
% % +
+ ( 5
%""
"
% & =4
(
>
( =
"I+ # <
'
#
<
( I
# '
(
%".
# >
>
$
< 2
' %" '
%3 2 % %""
2 >= ,
+%
# 2 <
(
%'
%
%""
+ %!!" %
( <
( . ;. 5 %+ ( / @6 <
= ,
<&" <% %'
% +% +
' %" '
( 5 7
+56 6
( 56 6
# %
(
&!!
$
# N% (
! :
)/0/
$
$
! 5= 4
$
%),
$
I
*
$ '
!
%
)J +
'2
%
K !
*
$ )/0/
2)9) )/0/
■
)00?4>
■
)00?4
■
)0@?4
■ ■ ■
*
$
*
+>
,
L -)C/9 # !
%
'2
+
2)9, +
?)0,
)/0/ ■
)/0/ 9
■
)/0/ 0 +
?)0,
!
" !
#
■ ■
#
#
2 # F
■
5
■ < < ■
$
# 2 # 5
#
F < <
!
" !
$
%&
# '& ! 3#
%"" =
'56 6
3&!
# '>C
" " # * #
!
#
(
#
2 .
( *
%
%""
( * #
56 6
* #%&" D B
56 6 !
.
&!!
%' % +
%
9&
+
*
%
9&
+
.
# + % " + 5 6 6 %!!" %
%
+ %""
+
" " ! " " !! " "
!!
@
;% %
*
9A0: )/0/
)/0/ 9A0:* %
)
$
$$ )/0/
) $$
)/0/ $2
■
=% $
■
5
% %
5=
$
$$
!
)/0/ * )
! %
)
$$ !
5
!
$$
9A0: ! %
%
$ $
) '
'& F
)/0/
$$
* G
! -
$' '
!
" !
% ( N&% + 2 $
%
$ +=2 ,* + ,
$ 62
*
*
H
!% $ * = $ *
)
<% " N&% + ! 3#
%"" =
# '>C
# # * #
!
(
$ $
" %"" # 580
#
4 <
0 4
# + % " + %"" <. (
%"
%
%
<% " N&% + * #%&" D
:
%"
7 . * . % + % &"
% +
4 8. 2 %""
% "
% +/ .
+ $ &'$ $ # %
3!
%""
+
# #
" #
#
$ # 4$
$ !
% %
%
# )
$ ;%
+ # )# !
! $
$ $
$$
$ >
.& * #
&* >
*
D09 *=
'
$
)
@)?)9 *> . *2
0?
#
*
-5 )
# 0?* %
, $
)
%
$
$$ # 5
) $
$$ #
!
*
5 0? !
!
" !
! ) $
$$ '
!
$$
%
)
$ $
)
$
%&
'
%
'
'& F
)
$$
* G
! -
6.
!
" !
*2 N&% + # *2 N&% + #
%" %
"
# $ " + 9& %+ % %"" * !% ( & # $ *2 ( .$ + #%&" 3!
* &
# .$ *2 ! ' O + $ # %"" $ $ " + % * +& +% " ( .$ *2 % # 3!
=2 =2
*
B 6
B 6 @ ?: 6 76
* 6 76
*
=2 3 % 3 $ %3 % K * ! ) % !
%
) !
! $ =2
@ ?: B 6 76 6
* 76 6
$
+
! 3
■
B 6
*
!
B 6
% *2 +&
) %
5= )=
% $
5=
$
) ■
!
" !
5=
"
+=
$
%&
,
)
%' ! 3#
%"" =
%
N&% +
# '>C
$
$
#
$
%
%'%
# %'
( . % + ! "% + % + ( 8% $ % %" %+ (
# %' +
(
%"
%
# %' %" +
%"
% % $
% + %" $
%""
#%
! %
% % (
* #%&" D + % " +
$ 9& # %' #&""
+
%
# %'
$
% +
+ !% (
$ !
$
%
$
$
%
6
5
$$
!
) % $ $ $
%
$$ *
* 3
% !% > )
!
)
*
$ 9D?D *
$ % 4
%4 $
9:: )
$
$ !
%
!
!
!%
) % % $ 2
$ % 7
!%
$$ )
-
! $
-
2
8 8
"
# %''&% + -
"
:
&
2
9
8
-
-
"" ""
8 9
55 8
"
"
-
"
""
%
8
%
8
!!
*
%
% % -
"
"
2
& ! -
" &
!
2 9 # %''&% +
!
% 8
" !
$$ %
'
$$
!
" !
!
!%
)
$$
$
)
$
%&
+
" ! 3#
%"" =
% # 4
# '>C
%
"% ( . (
+ N&% +
&
' %
% % ( +
&
&
+
&
=+ #%&" D
% " +>
E% E%
( 8 ( +"
%
%
&
7
$$ , !% ! )8 ! ! !% $ * % +
$
9)
% $
$ )
!
!
*
%
$
* ) $
$
0)
8
/) .$! % @) $$ %
,
'
!
!%
)
$$
'&
*
!
% "
;
8
&
+ % "
5
8
&
!
" !
P2 " B
+
% (
% ( ? ?7
! # + 5
.% '
,
# .$ % % ( ! # % 3 & %++ % + #" + $ %' $ P2 !% ( # .$ % ' ! P2 !% ( P2 ; !% ( ! # +$ # .$ ! % + " '
62 $$ '
%' # ! %
+ + ' $ :B?
#" $ ! 9&
:
:B?
P2
4 )
* .)
P2
;
P2
4 )
* .)
P2
;
P2
4 )
* .)
P2
;
* .)
Q Q Q P2
;
* .)
P2
;
+ ' P2
4 )
P2
4 )
Q Q Q
*
A A A A A
4
=
*
) * 62
$
62
4 K
*
)
%
' );
$
624
4% 624 L
L
' *
L )
$! %
!
" !
!
4
$
$
3
%&
)
/
P2 " + N&% + # '& % ! 3#
%"" =
# '>C
( # #
+
& + (
$
(
$ "
! 3#
%"" =
#
&
"
$
% &
"
"
$
% &
"
&
#
%$$
%$$
% $% +"
# '>C
& +
(
$
(
$ "
&
# % $% +"
% % ( ! *
%
) *
* *
* * ?
= $! $ =
$! % $ %
*
$$
$! %
$! %
4 !
!%
) %
'&
'
$$
*
!
62
!
. .
%
-
"
%
-
"
9
.
8
-
8
-
.
. % (
.
.
%
. .
'
$
)5
%" -
%-
" 9" " < = "
>
" 9 " " "8 . -
<
"
=
"
.
>
"
!
" !
'
=
* * $! %
$! % $ !% = %
'&
$ %
$! %
'
!
$$
*
!
. .
% -
-
"
.
"
8
" "
8 %
%"
"
8
8
%-
. " 9" " - " . .
62
!
"8 -
" !
$! )5
$$ 4
)
.
!
$
" 9 " " "8 - "
-
" = "
< .
-
$
> <
" =
"
%&
>
'
0% )
# '& % + . " 5% +" ' % + & ,
$ $
+ % + % ( N&% + %""
! '
%
)
* 6 ■
! ' =
%
■
'
)
'
)
!
■
'
!
■
)
'
.% ( ) * !"% $
)
3&!
"
$
# '& % $$
% !
&
'
%
pixfirewall(config)# show fixup protocol
- 9,
*
'
MMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMM $
3
MMMMMMMMMMMMMM
MMMMMMMMMMMMMM
MMMMMMMMMMMMMMMM
/0/ MMMMMMMMMMMMMM
.% ( ) $% ' $
3&!
"
$
# '& % $$
$
% !
=
!
'
'
pixfirewall(config)# no fixup protocol http 80
pixfirewall(config)# no fixup protocol smtp 25
pixfirewall(config)# no fixup protocol h323 1720
pixfirewall(config)# no fixup protocol rsh 514
pixfirewall(config)# no fixup protocol sqlnet 1521
! '
=
> !
" !
pixfirewall(config)# fixup protocol rtsp 554
!6
=
-&12
pixfirewall(config)# fixup protocol sqlnet 66-76
!7
F
%
'
pixfirewall(config)# show fixup protocol
%
!
$$
' !
*
!
$
$$
pixfirewall(config)# show fixup protocol
fixup protocol http __________
fixup protocol smtp __________
fixup protocol h323 __________
fixup protocol rsh __________
fixup protocol rtsp __________
fixup protocol sqlnet __________
.% ( 6) .
$
&
& + .
3&!
$
$$
! !
"
'
. !
%
pixfirewall(config)# logging console debug
!
!
!
%$8
C:\> ftp 172.30.1.50
User (172.30.1.50:(none)): anonymous
Password: user@
!6
=
%
$
ftp> dir
- 9, 8
$
%
N
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM !7
-
%
ftp> quit
'
!
%
pixfirewall(config)# no fixup protocol ftp
!
" !
$
%&
''
*
!?
!
!
%$8
C:\> ftp 172.30.1.50
User (172.30.1.50:(none)): anonymous
Password: user@
- 0, 8
%
!
N8 %
%
N
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM !B
=
%
$
ftp> dir
- /, 8
%
!
N8 %
%
N
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM !:
-
%
ftp> quit
2
-
.
! ! 5>&
!@
*
!
"R
8
%$%8
%
%
?@
8 !!
"
)
ftp://172.30.1.50
- @, 8
%
!
N8 %
%
N
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
')
!
" !
- ?, 8
%
!
N8 %
%
N
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM %
!
8 !!
.% ( 7) .
)
$
& + .
3&!
$ ! !
> 4
"
$$ '
!
'
%
pixfirewall(config)# fixup protocol ftp 21
(
!
!
)
$% *
%
8 !
5>&
ftp://192.168.Q.11
2
2
1<
.
- 9, 8
"8
8
$
%
N
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM %
!6
8 !!
) '
!7
%
pixfirewall(config)# no fixup protocol ftp
(
!
!
)
$% *
ftp://192.168.Q.10 +
!
" !
%
8 !
5>& -O
,
$
%&
'
2
- 0, 8
.
"8
%
8
!
(
N8 %
%
N
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM - /, 8
%
!
N8 %
%
N
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
.% ( )
$
3&!
"
$
* #%&" $$
'
% '
!
%
pixfirewall(config)# clear fixup
!
F
%
'
pixfirewall(config)# show fixup protocol
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
'*
!
" !
&
% $$
H
%
)
& # .$ , %+ % +! #
. #
!
%"" &
! " ) .
% %" $% +" ' # $ # "" $ % + /012
$ % + /012 3&! ! $ $% $ + #%&"
# .$ !
,
# 4. $
% + 5 6 6 3&! ! $% $ + #%&"
" ) 4.
%"" $% +" $ # "" % +56 6
# .$ , %"" $% ! # N&% + %' % " +* # +
"
"
%
'
&"
%
' # '& +
+% # '& + #
!
$ # "" ' % % ( '&% + $ "! %" & % % ( ) <% " N&% + *2 N&% + " + N&% + % + P2
:
!
" !
$
%&
'+
■ ■ ■ ■
!
■
"" #
$
!
%
!" ! #
% "
# $ $%! & "" $ # "" ' % ( )
#* # $ ! % % + ,#*
$
#*
$
#% "
#* # # # +
+%
%
% +
%"" ( # '& %
!" %
(
% +
# '& $ % #&" #% " #
$ #% "
,
%"" #
#% "
% +
#%
!
" !
+
% + %" &%
%"
% ,
%""
%" % "
+% ,
%""
.
' % ""
# &
#(
(
% (
# (
" # %
"
" # & ( # " # " #
" # "% )
"
%
# & (
# #%
% " #
# %
(
" # (
( #
%
* ■
& *
+
+
■ ■
*
"
■ ■
!
" !
&
0
" (.
&" " # !
/
,#
12
"
$
++
#
,
%" %"" % , 0%
3
0 1 .
4
%"" 1 % + 1#% "
2 2 1 . 6
5
5
+% ,
%""
0 % + 1% 0#% " 1
2 2
/
)
# 3*
)
" # #
#
#(
%
# " # #( #
"
(
" # (
%
( % 3*
" % "
#
# " " #
" 3* ( 3*
%
!
" !
# '& % # '& % # 8$
!" %
$ &!
% +
#
7 !" %
#
& %""
% + % #
!"
+
%"
$ %
%""
#9
' $
'
% +
" # #
%
" #
"
#
"
(
"
" "
!
#
% #
# ■
)
#
"
( #
■
*
""
( #
■
% #
%
0#
"" " " #
( #
% #
" " " # " " #% 0 (# " " " #% #
" "" ( %
# "
" " #
#
4
#
#
% )
( "
/( ( 6
" &
# ( "
#
"
. #
" "
. # /% 5 %
"
%
!
" !
&
# '&
%" "
(
%
%" #
% +
% #&" % "
%" (
%
( "
%!!" %
( #
+ !! +
+
&
+& +%
% #&" #% " (
%
(:
"
(
%
%!!" % +
+
+& +%
% +
% #&"
5
*
(
#
& %
# 7)
■
#
"
(
" "" "
#
%
7)
■
"
# ( ( "
&
" %
"
"
+ ""
8 %
"
+ "
# 8
1-- 3
% 9
!
"
#
%
# #2
■
#
" #
# ■
1--0
+
!
#2
!
" !
■
:
1--0 ;< *:=
!
*
+ +
+
+ & /
!
" !
*:
* ,
-
.. +
.
+ '
+
)
%"
#%
# < ( !1* #: % #
;
;
$ :
(
7
7 % $ #
7 %+ ' $ $
# 9 %+ % ! ' >&
%+
"#
+ ,
'
(
%""= " % >&
7 +
+ ' & %
%+ %
4
0
" #
#
.
&
/ # 12
& " &
#
&
%)
(
#
(
"
% ;
& =
"
%
*
( %* #
& (
%
&
(
% ( %
( &
■
>5
%
7
:
% &(
;
( # ■
:
&*
(
(
:
&*
#7
% #
(
*6
%
*6 "
# "
8 %
&
( % 8 "
% "
(
$ *6 *6 &
"
8 %*
( (
*6
( 8
% ! " (
0
# %
# " *6 7
%
& &
■
#
! " =%
% % !
" !
(
■
0
7 8
%
& %
#
&
# "
( %
*6
!
" !
(
%
1
% + ! ?#
%""0
# '2@
# ;$ + $ % ! ?#
% +
%""0
# ;$ + %++
! ?#
% + % +
% " ,
% +
,
#% " %""
# '2@ % + #
$
%""0
% %""
%
# '2@
# ;$ +
,
% +
% "
% #&" #% "
"" #
!
% ""
#
%
"" !
#
""
""
%
#
!
""
'& %
*
!
2 , "" ' ,
+
+4
' "
'
+ *
+ 6
+
"
' '
""
" (
!
,+ "
3
+
+
'
+
+
+ 5 /
+
+
+
' ! +
5 /
,
* +
+
!
+
' 5 / +
+ ,
" !
% + 9 # ! ?# %" % " 7
%""0
#% " # '2@ $
%& ): & ;$
$
$
) #% #% #% $ ) #% #% #%
%" ) ) % )6 0 2 + A0 5 2) : %" & + 0 3 4 2) : + 0 2) : %" +% % + ) 0 2 + A0 5 .2) : %" & + 0 3 4 .2) : + 0 .2) : %"
% #&" % " < ' %" < ()+ A
" " # $
!
" !
! ?# %" % " 7
#% "
!+%
#
#% "
%""0
# '2@ $
%& ): & ;$
%" $
$
) #% #% #% $ ) #% #% #%
%"
%
#% "
%" ) ) % % + ) 0 2 + A0 5 .2) : %" & + 0 3 4 .2) : + 0 .2) : %" +% ) / 0 2 + A0 5 2) : %" & + 0 3 4 2) : + 0 2) : %"
% #&" % " < ' %" < ()+ A
! " " # " " #"
!+%
%"
%"
%
"" %
! "
" #
#" " # %
# %5
"
( #
<% B?
)
"
!
!
#
"
%
&
" #
■
■
#
3 &
#
" # " #
■
C &%" # !
#
"
%
<% C &%" 5 6
/
1 .
9% ( 8 ; ; ; 3
4 %"
% +
1 . % " 5
6
% ,
1 .
6 5
,
+% %""
%"" 5
1 .
5 5 *DE
1 .
6
!
" !
;% ( ) $
# '& $ +% ,
% %""
,
%"" #
"
%"
" # #
9
!
""
"
pixfirewall> config terminal
(
!
& ,%
*
!6
" ;
=
#
;22= pixfirewall (config)# nameif e3 MYFAILOVER security55
9
!.
!%
pixfirewall (config)# interface e3 100full
*
!/
%
pixfirewall (config)# ip address MYFAILOVER 10.1.P.1
;
?
"
(
@?
"
=
" " #
!
pixfirewall (config)# write memory
1AB%,-%1%2- #
!5
3 & ""
!4
C
#
%
" #
%9
pixfirewall (config)# failover
3 & ""
!3
" #
#
pixfirewall (config)# show failover
9
!
""
" #
#
pixfirewall (config)# failover ip address outside 192.168.P.7
pixfirewall (config)# failover ip address inside 10.0.P.7
pixfirewall (config)# failover ip address dmz 172.16.P.7
pixfirewall (config)# failover ip address MYFAILOVER 10.1.P.7
)
!
" " #
pixfirewall(config)# write memory
" #
!
" #
" &
% " &
! 6
#
%
!
" !
$
#
! .
"
" #
#
! / *
# " # ""
"" "
"
% (
" & &
pixfirewall (config)# show failover
pixfirewall(config)# show failover
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
This host: Primary - Active
Active time: 7350 (sec)
Interface pix/intf5 (127.0.0.1): Link Down (Waiting)
Interface pix/intf4 (127.0.0.1): Link Down (Waiting)
Interface MYFAILOVER (10.1.P.1): Normal
Interface dmz (172.16.P.1): Normal
Interface outside (192.168.P.2): Normal
Interface inside (10.0.P.1): Normal
Other host: Secondary - Standby
Active time: 0 (sec)
Interface pix/intf5 (0.0.0.0): Link Down (Waiting)
Interface pix/intf4 (0.0.0.0): Link Down (Waiting)
Interface MYFAILOVER (10.1.P.7): Normal
Interface dmz (172.16.P.7): Normal
Interface outside (192.168.P.7): Normal
Interface inside (10.0.P.7): Normal
1AB%,-%1%2- #
!
&
! 5
#
%
% " #
! 4
% "
" #
#
% #
! 3
#
(
"" pixfirewall (config)# show failover Failover On Cable status: Normal Reconnect timeout 0:00:00 This host: Primary - Standby Active time: 0 (sec) Interface pix/intf5 (127.0.0.1): Link Down (Waiting) Interface pix/intf4 (127.0.0.1): Link Down (Waiting) Interface MYFAILOVER (10.1.P.7): Normal Interface dmz (172.16.P.7): Normal Interface outside (192.168.P.7): Normal Interface inside (10.0.P.7): Normal Other host: Secondary - Active Active time: 7350 (sec) Interface pix/intf5 (0.0.0.0): Link Down (Waiting)
%
!
" !
Interface pix/intf4 (0.0.0.0): Link Down (Waiting)
Interface MYFAILOVER (10.1.P.1): Normal
Interface dmz (172.16.P.1): Normal
Interface outside (192.168.P.2): Normal
Interface inside (10.0.P.1): Normal
1AB%,-%1%2- #
!
&
!
#
%
;% ( ) D%( $
%
,
" 3 &
!
%
%""
" & " # "" % 3 & %
" # #
#
" #
$
pixfirewall (config)# failover active
<
!
# ""
"" % #
&
#
" #
" #"
%
pixfirewall (config)# show failover
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
This host: Primary - Active
Active time: 525 (sec)
Interface pix/intf5 (127.0.0.1): Link Down (Waiting)
Interface pix/intf4 (127.0.0.1): Link Down (Waiting)
Interface MYFAILOVER (10.1.P.1): Normal
Interface dmz (172.16.P.1): Normal
Interface outside (192.168.P.2): Normal
Interface inside (10.0.P.1): Normal
Other host: Secondary - Standby
Active time: 2300 (sec)
Interface pix/intf5 (0.0.0.0): Link Down (Waiting)
Interface pix/intf4 (0.0.0.0): Link Down (Waiting)
Interface MYFAILOVER (10.1.P.7): Normal
Interface dmz (172.16.P.7): Normal
Interface outside (192.168.P.7): Normal
Interface inside (10.0.P.7): Normal
;% ( 6) %"
# '& "
!
" !
$
%
,
%"" #
% #&"
" #
&
" #
!
#
#
""
pixfirewall (config)# failover link MYFAILOVER
!
3 &
# #
""
%
#
pixfirewall (config)# write memory
!6
<
#
#
""
pixfirewall (config)# show failover
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
This host: Primary - Active
Active time: 525 (sec)
Interface pix/intf5 (127.0.0.1): Link Down (Waiting)
Interface pix/intf4 (127.0.0.1): Link Down (Waiting)
Interface MYFAILOVER (10.1.1.1): Normal
Interface dmz (172.16.1.1): Normal
Interface outside (192.168.1.2): Normal
Interface inside (10.0.1.1): Normal
Other host: Secondary - Standby
Active time: 0 (sec)
Interface pix/intf5 (0.0.0.0): Link Down (Waiting)
Interface pix/intf4 (0.0.0.0): Link Down (Waiting)
Interface MYFAILOVER (10.1.1.7): Normal
Interface dmz (172.16.1.7): Normal
Interface outside (192.168.1.7): Normal
Interface inside (10.0.1.7): Normal

Stateful Failover Logical Update Statistics
Link : failover
Stateful Obj    xmit    xerr    rcv     rerr
General         84      0       82      0
sys cmd         84      0       80      0
up time         0       0       2       0
xlate           0       0       0       0
tcp conn        0       0       0       0
udp conn        0       0       0       0
ARP tbl         0       0       0       0
RIP Tbl         0       0       0       0

Logical Update Queue Information
                Cur     Max     Total
Recv Q:         0       1       84
Xmit Q:         0       1       86
!.
%
1AB%,-%1%2- # "
""
"
(
: %
!
" !
4 ""
!/
"
#
(
"
ftp> mget getme.zip
1AB%,-%1%2- #
!
""
""
"
C:\> ping 172.30.1.50 -t
6
!5
" #
pixfirewall(config)# reload
)
!4
!
" !
&
"
(
%
)
&
% ""
4
#
%
& # ;$ ! $ , +&
%
%
% + +% , %"" % # %"" & + # #% " ;$ ! % %"" & &%"" % $" $ +% , %"" & &%"" % + & ' #% " $ ! % , %"" ' % + $" $ +%
% # ;$ # '& % # $ ! !" % + $ +% # '& % !" %
% ,
,
%"" %"" +& '
/
0
!
" !
& # *& ' #% " $ " +& ' % % # ;$ ,
%
%
0
2 %
+
!! +
% #&" #% "
# & %""= %
#% &
&
$% $
')
( < ( !1* (:
(
( 7 (9
!
" !
%+ %
'
1
■ ■
!
■ ■
"
■ ■ ■
$
% ## &
#
'
!
!" ! #
% " # * % "
# $ %
# *
#
# *
# $ %""
#
(
# $ $%! & "" $ # "" ' % ( )
$ &
$ % ( &!!
# '&
&
+
%"",
# '&
+
%""
- .
% * &!! %- .
# '& +
+ %""
!
" !
/$
& &
+
%"", 0 % "
%
- .
"
!) +
&
*
+ !
,
(
+
&
%
!( (
#
+
# &(
' # !
+
&
&
##
(
+ %"" - . / ! " ' +
%"" - . '%
+ %
%""
+
- .
" - .
+ % * %"&!
%
&
%"" - . " - .
$ +
%"" - . '%
+
%
(
%""
* %"" - . 1
+ & #
■
+ &
#
&
# !+ # !
( #
# &
( -
■
&
+
+ &
!( #
■
!( ! !
" !
. + $ %
&
! '
)
*) (
#
#*+
). $*
##
!
■
# !(
#
■
&
#
"
( #
" &
■
(
(
#
##
##
/
#
/
#
( # )
&
*) # #
.
!
. *( " # &
■
0 ■
2%
## # &
"
1" (
##
# #
# & 1" ( # &
■
&
+
+ +
#
(
! '
(
!
" !
0 % " + - . %&
# 3% %
#*
# 3% %
'
# 3% % %& $ #
%""
%" %
!"% 2
3(4
&5
&)
(
#
*
#
( #
# &+
# &
&+
!
■
■
&
&
#
.
!
!(
& & #
■
(
. #
!+ ##
!
(
. !
(
&
( ■
"
5
&
& # 5 5
!
" !
$ %
&
5#
!
+
!(
)
5
%$# 0/
% *% * $% !
+ & +. '
6
% "
# ! %
! *
% *% * #
( "% ! % * %& $ %
+
%"
#
+
"&* *
%"" +
& &
&
%
'!
' *% %
"% '
% #*
%"
(
%""
2
% * "% 4
( &
# &
2
!
)2
# *
# #
6
! & ( & 2 5
( ! & +
! )
+
+
*+ +
5 #
( 3(7
*
# # (
&
!(
!
" !
% *% * + #
7
&
+ &$ +0
:
*
"8
%
9 %*
%! &"%
#
&!! %""
'
7 98
&
% " %* 70
8
0; $% ' 7 :08
# 3% % 0
!
% *% * 730 8
# / !" 30 7<30 8 # 3 ##
9 "" % 7398
# =
%' 3 '
#
&
9% $ "'
# >%
%$#
.
2
&$
' %& 7
7>
8
8
) 82*
&
).2 *
.2 )9.2 *
■ ■
.
■
;
5: #
).:*
.
3 );.3*
:
■ ■
7 9 8
*
8 & 2%
■ ■
&
$
* " %
# %
)
■
2 7=328
6
5
"
#54 ) :"54*
# 5"
#
"
■
#
)6 "* ) "*
!
&+ & ( (
&+ # << ( # # 6 ?@74( ■
(
< #( &=
# 6 + < 5 &"
( #( +> #
"
:
)":*
"
& &5
( ":
>
!
":
& &
!
" !
&
2
$ %
&
&
&
= # ( ": )2 *(
(
2
■
&
&
)2
*
"
& ( !
& &5
2
(2
&
& ":(
&
:0 82
&
& +
#
&
82 ! & "8;
#
"
+ ( 82
& (
& + # # # & +
&
&
) "* # A. " # + #
& "
#
#
("
(2 ( " & # "
# B & %)
" & *( C (
30 .2 82( .2
& 3D5
&
!
( .2 #
! &+
& &
(
<30 9.2
.2 +
#
& &
.2 ( 9.2 4DE5 ! &+
( 9.2
& &
! &+ & (
39 .
5:
#
5! & ! &
82 (
&
&
( ##
! & ( FDE5 47?@5
( .: 47?@5 #
.: (
=32 ;.3 ;.3 # 82+ ":+
# # 2
(" & ;.3
! ( ):;" * 5 & & % 5 (
#
! #
(
9 :"
# :"54 :;" ":+ 2 :"54
,
!
( ( 82+
(
!
" !
>
' %& 6 "
5! & & .: % #(
&
&
#
( 82
#
! &
.: %
& 5
6 ")
! & *(
& !
5
&
B
(1
## )
! & 6 "
!
" !
#
#
& & # "( " " % (
$ %
&
+
& % # ! &
& % *(
-
# '& %
/% ( ! &
#
5
(
# '& % /% (
/% (
!% &!!
# '&
/% (
# '&
/% ( <
# '&
/% ( 1
/
- .
:0 % % %%
% *# '& %
# - .
?
#
5 &+
5
( #
! (
&
&+
! ## !
0
(
&
& B
(
!
!4
■
! &
## &
( #
!
+
!
!+
( !?
■
#
( 82 82 # =# #
% ■
82
( 82 82
(>
!9
# & ( 82 82
( ! 82 "+ 82 " ( " "
%
! # # =B ! #
+ " (>
!
" !
■
!@
&
("
&&
!
" !
$ %
&
& &+
+& !(
/% ( &!!
!% #
# '&
#
- .
!
B (
#
!
(
/% (
!% - . &!!
#
!
3 ! "
' $
#
!
3 ! "
' $
#
!< 0
& ' $% $ $ & !
#
!1
!" !% %
" ! + ' &!
!
&
#
82 ) 82
(
(
*&
(C
& .
# # &
.
#
) 82
# !<
* &
2
!
!
# &(
#
#
& C # (C ( &
)
#0 &
82 (
# !
8
!% ( "
& ! & # & *
8
7 :0 !
%$#
(C &
.
:0 7 :0 !
%$' %"" % % *
& & #
# '&
& & %
G* 2
& ( !1
#
& ( ## (
# &
! #
&
+
!
" !
"% # "%
'
* # 3 * # %** @ %") =
" 82 82 ■
.
&
"&*
##
$ # ""
:0 !$% ( * ! % *$ A
& + % # '& %
& 82
#
82 # (2 82 ) * 82
' ! "
# (C
#
:0 ! )
# ! $ * %""
# &+
(
) "8; * & #
"
82
# &
82 &
&(
82
&
#
#
( ■
■
.
#
! & HC # & (C # # (
#
# " 82
& #
& ! & #
C 82
"( #
!
" !
$ %
#0 #
&
(
'
:0 $% %%
"
%% 0
!
"'
9% $ "'
:
$
=32
%
>
?4 1
&
*
#
C ?4 1
&
("
' %& 39 @ &!
39 @ &!
B#
" 82 82
9
%$= $ *
0; $% '
:0
<30
30
$
&$
'
'
# !
# =
>
82 #
%
# #
:0
#
82
% &! # ##
+ * 82
)
# "
# #
B +
& (
&
& &
& &
82
&+ &
(
82 &( B
&
#
"
(
"
C
*
# +
& &
82
(
0 #
'
&(
!
" !
3 #
:0
"
%%
C
82
#
+
82
& &
(C &
&
(
#
82
&+
( # :0
"
+
(
%% %% .
! * -%"& )* / 01
"
.
2
"
3
!
" !
3 3
*, / 0 &&
!
"
'01 5 " "
%$"/
"
6
$ %
*, / 0 && 4 "
4 "
!
&
6
'
4 "
&
9
4
*2
%
( / 0 && /
01
%$6
7.
.
24.
5
"
3 #%&"
<*
.0) 24.
7 8 20 && 4 " & 3
.
4
*
*
*, / '01
"
&
:
&
,*!( 2 3
01 /
"
!
:
&
&& 8
& '01 "
"
)
3
:0 $% " +
<
+
D
4?
D
4?
<
%% 0
!
9% $ &$ :
"' "'
$
30
9
9
$ %
4?
B#
%$
%$= $ *
0; $% '
:0
30
39
?4 1
4?
39
?4 1
*
* <
" 82 82
&
# ("
& # !
# =
>
82 #
# #
C 82(
( # % #
*
#
"
82
& ## &
# 82 (
&
!
" !
"% # "%
'
"&*
$ # "" ') " %"' $ % * !% % # ! %" & % *! # % * # ! +* %" 3 %** % * %!!" % #$ ! * " % &%" :0 % * @ %") = A # '& %
1
) 82 &
#
#
.
& #
#
#
&
&
& #
B
&
# !
&(
(C # &
& (
# #
■
# # ( # #
(C
& #
■
# (
#
■
■
*
(
.
&
#
&
82( .
/ /
71
&
"
!/
&
& #
!
" !
#0 #
(
$ %
&
""
3 7 :0
%$/
8
+
<
" +
D
4?
D
4?
<
" /%
#
0 +9
%
+ 0
!
/ %## 0
30
/&
"
0
30
+
**
D
'9
/&
"
+
4?
D
4?
<
<
7 % ( 8/ ! ! *
0 % " $
!
%( !
!
%( ! 2
.
# &
! # B
■
1
■
1
■
1
#
&
(C
&
#
(C
&
&
B
I I + %
+
I ■
1
■
:
I "
I ## &
% #
,
&
&
(
!
" !
/% (
# '& % #
:0 % %
!
82
#
!( 82
!
#
2
82
82 82
!<
&( 5
! &(
& 82
(
! ! ;#
0 % " %""7
#0 % " %""
!
! &
82(
!
!1
5
2
3 % "
:0
# '8E * % " #%
# :0
% " *
#3 % "
:0
:0
$
+
* #%&" #%
&
*#
82 ) "8; *
pixfirewall(config)# isakmp enable interface-name
& 82
## (A
& ##
.
)
(
82(
&
"
&
!
" !
$ %
&
-
!
#
%
# #
% % &
# '&
%$%! "
&
'
"
&! *
! " & $% * #%&" %"&
%
:0
&
% $!
?
82
!
&
##
#
% ) *
&
&
B
&
#
pixfirewall(config)# isakmp policy priority
) *
&
&
#(
pixfirewall(config)# isakmp policy priority encryption des | 3des
) *
&
#(
pixfirewall(config)# isakmp policy priority hash md5 | sha
) *
&
#
pixfirewall(config)# isakmp policy priority authentication pre-share | rsa-sig
.
&
&
"
&
) *
&
.
5
!
5:
#
&
5
!
"
"
'
(
pixfirewall(config)# isakmp policy priority group 1|2
)*
&
82
&
'
# (
(
pixfirewall(config)# isakmp policy priority lifetime seconds
.
&
& "
& /
!
& &
&
/
& "
&
!
& &
& $
%( ! ! "
!
& ; ""
" !
!<
! ;#
%""7
# '& $ $% * :
# '8E
!
"
#
$% *
#
&
% ?
#
:0
!
%
*
%" %
# %"!$% &
$!
$% %
&!
#
#
% $
# 0%
"* % * %**
# '&
%"% "
D
82
!<
5
! &(
pixfirewall(config)# isakmp key keystring address peer-address [netmask]
& # !
5
#
4?E &
(
( ("
5 B C
!
" !
! & # ! &
# ! # & ( '
# & (:
#
$ %
+ 5
&
& ! &(
##
!1 -
#
"
:0
%$&& &&
)"* )"*
-- ,,
&&
# 3 !"%
)"* )"*
&& (") (") ##
$$
++
$%
%$!" !" ##
$%
%$,,
.. ++
,,
&
( ## (
#
'' $$
# '& * % * * #%&" :0 !
& 82
!1
(") (") ##
!" !" ##
&
& ##
+ & ##
+
pix1(config)# show isakmp isakmp enable outside isakmp key cisco123 address 192.168.2.2 netmask 255.255.255.255 isakmp policy 10 authentication pre-share isakmp policy 10 encryption des isakmp policy 10 hash sha isakmp policy 10 group 1 isakmp policy 10 lifetime 86400
!
" !
/% ( <
# '& % # &
%%
! # ( 82 5
# (
!
#
!
&
!< !1
! &
"
&
&
(
# (
#
(
!
! ;#
%""7
# '& ' / %##
# '8E
## #
F
# 3 #
$$
!
F*
!
"
"
%##
%**
(
&
&
!
pixfirewall(config)# access-list access-list-name {deny | permit} protocol source source-netmask destination destination-netmask
#
■
& #
&
+
&
&
&
&( (
■
!+
■
!
■
.
!
" !
&
)
+
( & ( )
$ %
&
'
&
(
&
& &
(
&
+ #
&
■
&
■ ■
& .
■
#
B
&
B
82
.
8 & &
!
!
"
" "
5
5
"
& " && /
# #
#
&+
&
+
% & % #
< &
*
/
" & &
&
&
& +
( #
+
&* % #
)
+
) # *+ & #
&
&
& &
&
(
#
( +&
&
&
&
&
#
(
! "
& &
(
#
&
# #
)
! #
! & & #
#
# #
*
+& &
&
(
(
!
" !
0;% !"
!
B
+
<
+
D
4?
D
4?
<
+
%%
** **
&& '' ()' ()' '' **
**
*'*' *'*' ''
&& '' ()' ()' '' **
''
''
''
&& '' ()' ()' '' **
+
%%
** **
&& '' ()' ()' '' **
** # B
*'*' *'*' ''
&& '' ()' ()' '' **
%
''
''
''
&& '' ()' ()' '' **
%" <
A
## % #
&
(2
% #
&
( #
( ' '
!
" !
+ (
$ %
#
&
(
)
!
! ;#
%""7
# '& #
/%
%
# '8E
! #
"
* &!
# 3 #%&" #
"" 9 % * &!
*
# '&
&
0
%
#
"
% $ '
!
1
#
!
pixfirewall(config)# crypto ipsec transform-set transform-set-name transform1 [transform2 transform3]]
H
■
#
# ! H
■
#
■
&( #(
2
#(
(
#
■
&
": #
■
#
#
#
( &
&
# (2 )2
+ ":+
# #&
*
( C
#
&
#
&
# &(
+
& &
.
&
#
#
#
B
&(
+
#
*
&
& &
" )
#
#
( ":
#
2
#
#
(*
!
" !
% "% "
/%
+, +, ,-+. ,-+. -/ -/ +, +, ,-+. ,-+. 0,+ 0,+ 102 102 102 102 102 102 102 102
#
/10 /10 /10 /10 ,-+. ,-+. -/ -/ ,-+. ,-+. 0,+ 0,+
(( () ()
2
# # #
&
(
#
# &
&
&+
"
2
%(
# & (
2
&
#(
#
":
#
# ■
2
+ ":
■
2 ;.3 :"
#( ) #
# #
(
# & !
& &
■
&
■
" !
# #(
;.3+
■
!
":*+ & *
&
2% # ■
2
:" ):;" ! &
$ %
&
!< $
!
!!
"" !!
#
# '& =%!
""
!
#
7 :0 !
%$# =%! %
% *
8 !% %
G&
&
' &!
%! "
4
&
!<
) *
&
#
##
#
&
(
"8; #
pixfirewall(config)# crypto map map-name seq-num ipsec-isakmp
&
■
#
#
B
&
#
#
B
(
) *"
&
#
&
pixfirewall(config)# crypto map map-name seq-num match address access-list-name
) *
&
pixfirewall(config)# crypto map map-name seq-num set peer hostname | ip-address
#
■
(
■
) *
&
&
##
(
#
&
#
&(
pixfirewall(config)# crypto map map-name seq-num set transform-set transform-set-name1 [transform-set-name2, transform-set-name9] ■
$
■
C
#
# &
) *) ) *
*
)J*
#
&
&
&
&
B
*(
( !
B B
&)
#
& &+
#
pixfirewall(config)# crypto map map-name seq-num set pfs [group1 | group2]
.
,
&
0 &&
4 "
5
8
&
!
" !
) *) &
*
& &
&
#
&
#
&
&
&
#
#
pixfirewall(config)# crypto map map-name seq-num set security-association lifetime seconds seconds | kilobytes kilobytes
) *)
* &
& & # &
#
& #
& "
# ##
& # *
# #
(" & # # & # ' B #
&
# (
&
&
)
(
% & B
!
" !
#
#
&
&
#
'
(
$ %
&
-
!1
! ;# #
!1
"
%""7
!!"
$
#
%
&
&
!!" %
$
#%
!
=%!
# '8E !
%!
%
#%
! "
#
pixfirewall(config)# crypto map map-name interface interface-name
##
&
#
##
&( .
)
&
&
'
!
" !
0;% !"
!
=%! # +
+
<
..
22 .. 00 280 280 ;;
-44
D
4?
33 33 ** && '' ()' ()' '' ** 55 && '' ()' ()' ''
97: 97: 55 ::
4# 4#
+
D
4?
<
&& '' ()' ()' '' ** 55 6(*)*** 6(*)***
&& '' ()' ()' '' **
4* 4*
77 ))** ))**
%% $$
?
A % #
!
" !
## & #
$ %
&
& 4
&
#
( (
'
0;% !"
!
=%! # +
+
<
..
22 .. 00 280 280 ;;
-44
D
4?
D
33 33 ** && '' ()' ()' '' ** 55 && '' ()' ()' ''
97: 97: 55 ::
4# 4#
+
&& '' ()' ()' '' ** 55 6(*)*** 6(*)***
4?
<
&& '' ()' ()' '' **
4* 4*
77 ))** ))**
%% $$
D
% #
'
&
#
?
(
!
" !
/% ( 1 /
% *- # - . #
# '& %
!
& # ##
#
/% ( 1 / % *- . # '& % #-
# % %##
#-
#
#-
#
82
!( &
"
% *
:0
(
#
"
'
# '& %
# '& %
<
C ■
■
# & ## &
" !
&
82 (
&
# ##
!
&
( ##
■
&
(
$ %
&
''
/% ( 1 / % *# '& % 7 #-
# $ # '& %
#
" %
#
" % :0
#3
!
&' :0 % * + %""
# - . 8 %!
%##
$ &'$ $
<
C
# & ##
■
& "
##
(
##
82 " (
■
.
&
# "
#
82 "
#
82 ##
'(
&
(
■
■
&
(
!
" !
%"
+
%"" - . 5
! & (
82
&
!
& #
"
(
&"# "" ' > G&
#
0% $
!
*
*&%""
""
$ $
<1
A #
" B (
#
(
# "
82 ! &
# (2
&
"
&
! &
5
# & #
(
!
" !
$ %
&
')
+
%""
$
0
"" 0
"
&
(
0
#
# '&
#@ #
"" % + 5
%
%$&$
&!! !& " %
# > G& #
%""
%
(
$
'
%* ' *
! *
# %
%
#
#
$
G&
% *
*
# % <2
" % #
&
! & &
"
#
( 6 "! &
!
##
B ! &<
!<
! & "
!1
.
# #
#
#
"
(
"
"
6 "
(
B = / &
> &
=
& ?
( >
=
&
>
& 5
0
(
! &
!
'*
#
& &
" &
!
" !
B% 0; - .
)
# '&
#
%
+
%""
& %
&
(
&
#
! 82
■
&
■
5
! &(
(
- &%" & & %
&
#
(
B% - &%" * D
4?
* <
H 1
*
&
H 1
<
H 1
*
> &
D
&
./ / 5
%""
H 1
> &
*
+
4?
)
*
+ %""
*
* H 1
H 1
<
<
./ ./ " ' / % *5
)
./ ./ " ' / % *5
)
<
% CK
#
& (
#
&
!
" !
&
& (
$ %
&
'
&! ,
+
■
2
&
■
"
&
B
#
1 (C
# &
% ■
; !
■
2
& (
&
#&
1
' 1 ■
2
■
2
(
(
1
&
& 1
1
1
(
# 1
& ' 1
(
3 C
!
%
&
(1 !
82
■
#
(
#
■
(
&
■
/% ( )
(
!%
# '&
- . &!!
# . % ■
82
#
82
&(
%
82
&
5 &
2
(
+& (
&
■
! &( #
&
!
#
(
■
!
&
.2
&
(
# 1
pixP(config)# show static
static (inside,outside) 192.168.P.10 10.0.P.3 netmask 255.255.255.255 0 0
)
',
L
#
*
!
" !
&
!<
#
1
&
1
(
pixP(config)# show conduit
conduit permit tcp host 192.168.P.10 eq www any
) 2
!1
L
#
*
&
1
#
1
( 2 &
!2
#
&
#
&
!
!
# 5
##
( pixP(config)# sysopt connection permit-ipsec
/% ( )
# '&
:0 % %
# !
2
82
&
82 pixP(config)# isakmp enable outside
82
!
&
5
! &
(
pixP(config)# isakmp policy 10 authentication pre-share
82
!<
&(
pixP(config)# isakmp identity address
"8; (
!1
5
! &
pixP(config)# isakmp key cisco123 address 192.168.Q.2 netmask 255.255.255.255
)
L
/% ( <)
#
+
L
# '&
#
*
%%
#
) 82
*
#
(
!
1 pixP(config)# access-list 101 permit ip host 192.168.P.10 host 192.168.Q.10
)
L
#
+
L
#
% #
*
4
?
pix1(config)# show access-list
access-list 101 permit ip host 192.168.1.10 host 192.168.2.10
#
!
.2 ( A #
) 82 %M+
# =M> B
* &
2 '
pixP(config)# crypto ipsec transform-set pixQ esp-des
!
" !
$ %
&
'-
&
!<
4(
#
&
&
#
#
5
&( A
M
pixP(config)# crypto map peerQ 10 ipsec-isakmp
)
L
#
?( $ !
&
*
#
pixP(config)# show crypto map
Crypto Map "peerQ" 10 ipsec-isakmp
No matching address list set.
Current peer: 0.0.0.0
Security association lifetime: 4608000 kilobytes/28800 seconds
PFS (Y/N): N
Transform sets={ }
1 " @D7E777 !
&
&
# I
9( "
&
# (
pixP(config)# crypto map peerQ 10 match address 101
)
L
#
@( .
*
(
'
pixP(config)# crypto map peerQ 10 set peer 192.168.Q.2
)
L
3(
#
&
*
#
&
(A 5
#
#
?(
pixP(config)# crypto map peerQ 10 set transform-set pixQ
)
L
D( "
&
# &
*
#
pixP(config)# crypto map peerQ interface outside
)
L
/% ( 1) /
#
*
% *- #
# '& %
# !
&
& 82
&&
(
(
pixP(config)# show isakmp
isakmp enable outside
isakmp key cisco123 address 192.168.Q.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
(
!
" !
1 " "8; 1 "
& " 82
2% #
+
82 #+
&
& #
1 82 " & "8; " !
# # # (
&I #+ .5:
&
+
I 5
&
I #L + # LED@77(
82
#L
&
+ .5:
L
4+
(
pixP(config)# show isakmp policy
Protection suite of priority 10
    encryption algorithm:  DES - Data Encryption Standard (56 bit keys).
    hash algorithm:        Secure Hash Standard
    authentication method: Pre-Shared Key
    Diffie-Hellman group:  #1 (768 bit)
    lifetime:              86400 seconds, no volume limit
Default protection suite
    encryption algorithm:  DES - Data Encryption Standard (56 bit keys).
    hash algorithm:        Secure Hash Standard
    authentication method: Rivest-Shamir-Adleman Signature
    Diffie-Hellman group:  #1 (768 bit)
    lifetime:              86400 seconds, no volume limit
: "
. &
!<
I (
&
(
?
4
pix2(config)# show access-list
access-list 101 permit ip host 192.168.P.10 host 192.168.Q.10
&
!1
#
) 82
*
pixP(config)# show crypto ipsec transform-set
Transform set pixQ: { esp-des }
will negotiate = { Tunnel, },
&
!2
&
#
(
&
#
4
pix1(config)# show crypto map
Crypto Map: "peer2" interface: "outside" local address: 192.168.1.2
Crypto Map "peer2" 10 ipsec-isakmp
Peer = 192.168.2.2
access-list 101 permit ip host 192.168.1.10 host 192.168.2.10 (hitcnt=0)
Current peer: 192.168.2.2
Security association lifetime: 4608000 kilobytes/28800 seconds
PFS (Y/N): N
Transform sets={ pix2, }
!
" !
$ %
&
(
"8;
!4
pixP(config)# debug crypto ipsec
pixP(config)# debug crypto isakmp
!
2
"+ &
##
pixP(config)# clear crypto ipsec sa
1
!?
#& 4J?(4DE(M(47 1
1 &
1 ( (
return status is IKMP_NO_ERROR !D
2
&
&
#
5 4( 2% # &
&
(
#
!
&
pix1(config)# show crypto ipsec sa
interface: outside
Crypto map tag: peer2, local addr. 192.168.1.2
local ident (addr/mask/prot/port): (192.168.1.10/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (192.168.2.10/255.255.255.255/0/0)
current_peer: 192.168.2.2
PERMIT, flags={origin_is_acl,}
#pkts encaps: 210, #pkts encrypt: 210, #pkts digest 0
#pkts decaps: 201, #pkts decrypt: 227, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 29, #recv errors 0
?( N
&
!
6
&
1
( 9( 2% #
& #
(
!
(
pix2(config)# show cry ipsec sa
interface: outside
Crypto map tag: peer2, local addr. 192.168.1.2
local ident (addr/mask/prot/port): (192.168.2.10/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (192.168.3.10/255.255.255.255/0/0)
current_peer: 192.168.2.2
PERMIT, flags={origin_is_acl,}
#pkts encaps: 238, #pkts encrypt: 238, #pkts digest 0
#pkts decaps: 239, #pkts decrypt: 267, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 31, #recv errors 0
!" C (
% #
%
& !
" !
■
■
&
% # & %
0;% !"
# '& % % #
4
# & %
?( C
% #
&
(
+ 0;% !"
# '& %
% #
## &
/% " 0;% !"
# '& %
! %**
&
! %**
*
D
4?
D
4?
D
4?
21
% (
/ 1
"
&
22 22
* 8
% 7 * & 22 22 22 22
! & &
22 22 22
4
'" %" 7 & * 8 22 22 22
D
4?
22 22 22
* A
% 7
# '& % 3
*
! %**
%
+ 0;% !"
* 8 D
!
4?
!$
<
D
4?
% (
$
/
% @&
-
*,
@
A /
*& !
!%
*& ! &
&
! !
%
!$
D
4? D
! !
% %! !
!
%! !
!
%! !
!
%! !
G
!
!*
@
D
%
" !
#
&&
&
&
&
/
.
"
A /
%
&
&
" &&
0 & 2 8 3/ 0 &
"
$ %
& " "
7. 3
&
#$
&
&
!
"
0 & &
!;
/
"
/
0 &
4?
/
&
0 & !*
%( !
!
&
&
% $ %**
!
' %@
/ %@
A
%
1
!;
&
"
4?
!
#
&
/
@
*
!
4(
@
"
"
"
"
"
"
! "
"
"
$
&
#$ & 2 71
&
$
B
$
$
& & "
('
0;% !"
# '& %
!
3
%! !
%( !
#%
% "
&
&
*
1
< %**
"
& &
*
%( ! ( 22 22 22 22
!
D
4?
% (
!
71
/
%& $
%( ! ! "
% !
!
%$*
%( ! ! "
$% $
%$%( ! ! "
' &!
%( ! ! "
"#
0 & "
& %' '01 &
0 &
7. 2 713 "&
& %'
&
&04
! %**
4
% 7
D
4?
"
+ 0;% !"
*& !
22 22 22
4?
D
4?
4?
!$
&
& !
((
!$
& ,*!(
?(
! & &
21
&
% (
<
D
/
4?
% (
$
/
% @&
-
*,
@
%
A
@
D
4?
*
D !
"
22 22
* 8 D
!%
04 C "
"
7. 2 713 &
/
*& !
4
# '& %
1
!
:
01
## &
* 8
% 7 * & 22 22 22 22
&
# '& %
22 22 22
* A
'" %" 7 & * 8 22 22 22
D
4?
*
! %**
%
D
!/
5 /
7. 2 713
3
*
%$& @
0 &
&
# '& % &
& *,
& %'
?41
/% "
! %**
71 5 & 5 &
7. 2 713
% #
0;% !"
&
0 & 5 &
& 8
+ 0;% !"
$
"
7. 2 713
B
%( ! ! "
"
!
G
& & / ' &
%@
@
/ %@
A &&
&
&
& "
.
/
/
"
"
A /
%
&
&
%
4?
& 1
/
& /
&
!
&
!
!
" !
0;% !" ! !
# '& % !
%
#
!;
%! !
!
%! !
!
%! !
!
%! !
!
%! !
%( !
3 !*
0 & !*
%( !
!
#%
% "
&
%( ! ( 22 22 22 22
%( ! ! "
!; *
4?
% (
&
"
#%
!
/
%( ! ! "
!
! *
%( ! ! "
$% $
%$%( ! ! "
' &!
%( ! ! "
"#
%$"
"
"
"
"
"
"
"
"
%
"
%
B
&
% "
& " %
"
&
71 5 & 5 &
& *,
%$& @
7. 2 713
& %'
0 &
7. 2 713
& %' '01 &
0 &
7. 2 713 "&
& %'
?41
&
" !
$ %
&04
!/
:
7. 2 713 &
&
5 &
/
0 & 5 &
&
& 2 71
&
7. 2 713
0 &
& 8
#%
%
71
B
%
@
"
& & 1
D
&&
0 &
* < %**
"
0 & 2 8 3/
# &
%& $
!
4?
& " "
7. 3
0 & &
D
%
"
0 &
% $ %** !
!
" "
01 4 04 C "
& ,*!(
()
&
% ##
0
! &
& # * # $ - . # *
# $ %""
# *
# $ %""
#
# '&
$
+
% ( ! # &!! % * & &!! %- .
#
(
% %""
% "
%
&
*
# '&
+
*
# '&
+
+
%""
(*
!
" !
■ ■ ■
!
■ ■ ■
"
■
$
■
(
# % !
■
■ ■
) !
■
) ## !
&$ %'
*
!
!" ! #
% " #* #
# $ $%! & "" $ # "" ' % ( )
+$
#* # #
+
%"" , -%
# '&
.
"
-
!
" !
.&
+$
%"" ,&
'
+
+$
# +$ # %&
0
%"" % & # & $% ! . &" !" " " & '
# (!
$ # ""
')
)
, -%
) &$
%
)
.
&
.
" 1#
%""2
! ,
/
! !
.
+
#
!-
-
!
!-
+
!
! .
-
- !
-
/
$
! !
0 +2
#
&)3 $' #
/ #
4
!
&5
-
, -% .
$ 3
) ! '. &6$7'
+
" &
! # .
/ ! # . /1
.
. $
8($
.
- !
0
#
#
' #
+ -
$ +
#
-
+ # # !
" !
#
-
$
% &
'
(
.
!
.
!
&$
. # #
%
* -
.
#
0
+
! ) 7 !*
+$ !
#
! # &
- ! # ! $ +7 #
!
'
0 ! 9
! ! : (8 0
-
+
8
.
;
#
!
+ 4
-
$! # .
-
#
# 0
+
-
+
* !
# &( ' .
! (
. !
. .-
! !
! !+
-
#
-
# .
!# #
+
#
. #
7
! .
# !
.
*
!
,
7
&
.+
!*
!
+
#
+
!
" !
, -% #
% (
%
# #
! . $ &'$ % #
#
%
#
4 %
#
! . # %"" . .
! %##
% "
-
. "
.
-
# .+
% .
*
%"" %
.
%""
!
%""
!
% %
' $ # % 4
$
#
% .
%'%
*
. "
%
.
% % (
3
!
$ #
!
8($
.
!
+ +
#
#
#
#
$
8($
+
!
* #
. #
! -
.
.
<7
8($
.
4 = !
.
! !-
+ # &( '
( >
+ . .
# ! #
. $ . +
#
!
+
$ !
" !
$
!
#
!
#
-
+
#
! &
# ## . ! # )'
$
.
+
+
! #
. #
# #
.
$
+
% &
'
+
&$ # 6++ #
%
%
. %& $
. . % % . %& $ 7% 9 * !
, %
! & %+
%& $ % 8% .
"
5
! #
! ! +7 !-
0 !
0 -
2
# !
; '-
-
. # !
: (8
# !
,
-
!
## +
9
! 7
+
$#
!
!-
!
!
&
. +$ * $
!
. 6$7
+
#
! &7
- $
!& $
'
+
!
" !
& #
% %
# ;$ %
% !% ( # $ # ""
)
"%
)*
)
&
.
!% ( % $% ' %& ' # '& % " % ) . % %"%
%
% ! #
* *
" '
!) * ! $ !% (
)9 # .
"
*
) #
.+ 3<
%
$
% % (
:
! # #
-
+
# !
! !
. !
.
#
4
+ !
#
+
*
!
#
#
?@ .
# ! .
!
" !
#
##
.
+ #
+ ##
.
+
$
% &
'
-
, -%
.
" # #
.+
!
+ .
4 #
1
%##
)
&
% ..
%
)
&
% ..
%
%
&
#
#"
.
"
4 2
.
#
!-
+
' %.. !
!"
%#"
'
%""
)
%
!
%##
%
)* '
( !
%
.! % '% &
" &"
$ %!!" % . % %""
%"" % "
%$<
)
#
)
.
)
) # . ! -
# #
-
# # # ! +
!+ ! +2 #
!
.
" !
6 " $
-
%## &"
-
!
; (
.
%""
% '
%. % %##
&
4 % (
!!
=
//:
%##
/
! " % %"" % % . 4 % >& . $ %!!" % %" % . ! %'% %!!" % ! # % % (
=
2
&
% ..
-!
!
. $ % %!!" % % & % . %"" . % 4 #
%$! & !
! !
-
! ! +
!
+ !
+$ .
!
)-
.
# !
+ #
! +
/ #
-
$
& -
! $
' -
& ##
#
'+
0
##
-
.+ .
4 0 $
.
!
. !
!
' +
4
#
$
.
-
# ## A % $B
. +
##
&
#
'
%
. +2
.-
(
. ■
"
■
$
■
# ! .
# .
# #
#
.
#
#
#
# !
" !
# $
% &
!
+
'
.
# #
!
.
( #
.
#
( +2
# 2
. ! # +
#
#
. ! #
! -
& !
#
(
'
.
##
-
# ( #
■ ■
#
■
#
$
+
+
-
. 8($ #
$
!
#
■
-# . ! $
■
#
! .
<7
!
-
+ .
<7 +2
! <7
. -
$ # +
(
!
.
-
!
+ (
#
# # -
.+
! .
(
$ $ $
.+
$
.
# # !
4 ! !
.
-
.
!
$
(
.+ #
#
+2
.
-
# +:
. C
!
#
.
#
.
#
+ .
+2
-
#
!+
8($
#
+2 !
# # #
.
#
- # +
8($ ! #
8($ # 8($ . # '#
. +
. - #
#
!
&
# .
8($ +
! #
!
#
#
+ # #
#
! + # : % &76: %+'
.
.+ #
!
!
!
" !
&!! # + #
.
"
1
'"
%$"2
# B% %
* 1
'"
%$"2
#
C4D?
# 9
# 9+
#
# 6 = = 1E,) ? A ' $% A 2
+
# + + #
?@9 % " '
#
#
% . 1 & $ , % . $2
$
( '2
% ;
$
(
) F* 4
-
8($
■
$
'
8($
'
-
<
!
& # #
!
& # #
! +
!
!
■
:$ &
:$ -
■
%
:$
( > :$ '
$
■
$
■
" !
$
!
■
!
( 2
.% # ?
)
<
■
87 D :
■
% $
■
;
■
1
##
$ &1
& .
-
-
'
'
5)E7
■
:
■
;+F3F &>
■
%
■
&"
)A
A+
# 6++ 1B% % "
■
1E,) 9 %"?
$ &>
:
7
.'
7 %
-$
- 8
% A
!
2
$
7 #2 . $
% &
'
B'
■
6( )
2 #
# !
-
!
#
.
. +
!
" !
"
% . &. + % "
#
%"
'
%
#
&.
%"# %& ( % %
%"
%"
&
" '
#; $ ! &" # '& %" % . %&. % ! %!!" % !
% . %&. % ( %""
& % %" # % " %
# +> / # :
#
# #
. ! -
# ! -
!
. -
#
+ #
# -! +
!
# ;
" !
-
-
!+ 8 #
!
!
.
$
$
;
$
#
-!
!
+
% &
'
(
-
#
%&.
#
'"
# '& %
% " % . %" %"
&
#* #
% . $
!!" %
#* #
!
&"
#
!
&"
!!" #%
#+
% .
$ ". A%!! ' 1
% .
A2
4
#
=
. +
■
#
■ ■
(
■
(
■ ■
*
+
$
%
&$ %'+
+ !
)
+
!+
!
" !
&. + % " % . " +
E % " 9 &
&. + % " % . "
1
# '2G
"( # E % "
" " "
" '
# # #
9 &
1
)
*
#
"
% . &
$ %&' $ %&' $ %&'
%% %%
" '' '
% % "(
# '2G
$$ %
&
. ##
3
. +
#
#
-
8
## -
!+
!
##
!
7
!
" !
##
#
. !
##
$
% &
+
'
+
H"
%" +
&
% . +$
$ ". #
■
$- <7-
7
#
■
$- 8($-
( #
■
$
7 #
!
# &(7 '
#
(
+ 9 &
1
I? % . ;% +
?
# '2G
+ , #
!
9 &
# % $ $ 1
% # %+ % " $ . %
# '2G
$ #
!
# !"
,
% >&
#
# % ' $
? , $% '
:
# # #
# +
!
#
# #
!
!
+ < # #
# !
!
4
# !
+<
! # .
! +
$ ## # !
,
+8
#
##
+ ##
!
" !
'&
*
! '
0 2
0 '
'
$ 7 ##
'
+8
" !
'
(
#
#
##
#
+
##
*
! '
!
1/
-
!
'&
/
/
3 %
$
1/
'
% &
0 " +
2
'
'
'
-
+ 9 &
* % . *? ." +
1
# '2G
( "( #
!
#
%"" %
$ 9 &
1
( .#
!
#
$
# ##
+8 !
8($
# ##
+8
" %"" %
$
!
*
# '2G
( #
%+
# !'#
&
# !'#
&
.#
% *?
#
$
##
# #
+
8($
##
#
!
+
##
'&
* "
!
(7
! ' 1
#
#
'
' " 2
54
&
/4 /
5 !
#
(7
! '
0 (,
' (
#
.
!'##
+8
#
##
#
+ !
##
!
" !
'&
* "
!
" !
! '
' " 43 1/ '
'
$
% &
"
+
6
0
2
'
.
H" 9 &
1
%" 6%"#
4
!
# '2G
# * #
$
%
&
# , ' $%"# ! $ # % % 1%''
$% %& . " ' $%"# ! 9 & 1 # '2G
# * #
$
,
&
# , ' $%"# ! $ # % ! 1 %" . 2
$% %& ' $%"# !
. "
. 2
<
!
#
&
'
(
.
# .
!
#
+
# $$
+ = #
8($-
!
+ # #
# +
# #
#
$ #
8($ +%
#
#
#
+
2
#
& '-
G
4
#
## 4
H 4
!&
+ #
'+ # ##
#
+8
#
##
+ !
##
!
" !
'&
*
!
$ '$ '
' '
"0
' %
2
'
'
1/
'
+
'
*
# ##
#
+8
#
##
+ !
'&
##
*
!
" '
!
" !
' '
"0 2
$
' %
'
% &
'
1/
'
H"
%" 6%"# 4
9 &
1
!
1
2
# '2G
" # * #
$ & ! '. " .
9 &
1
# %
&
% $%"# ! $ $ $
# '2G
" # * #
%
$ & ! '. " .
# %
&
2
, $%"# ! $ $ $
!
#
&
'-
4
##
#
+
!-
#
& #
'+ #
# # .
#
# -#
+ # . =
# 4 #
! (
# + -
#
##
+8
#
##
+ !
'&
##
*
!
$ '$ '
' '
'
0 '
2
/
1/
'
+
$ # +
+8
## #
##
!
" !
!
'&
##
*
!
" '
!
" !
' '
"0 2
$
' %
'
% &
'
1/
'
'
*
(
6%"# ! 4 9 &
1
6
# '2G
.
/
# * # $ & # $%"# ! + $ . % %.. $% % , % % % . " ' $%"# ! $ $ #
#
$ $
' $
& $ $ # ""
#
# $%"# ! % . " ' #% $ )
) # " ( ! $ &'$
$
,
". >&
. .
$%"# ! "
%
%$. "
%"" $%"# ! $ $ %
#
.
% %""
.
# (
2
%
$%"# !
) # " ( ' % $% . " . % . .& ' $ ! # . " (
!
$ $ #
.
+
#
# &
'# #
■
I&
'= !
4
+
# + #
■
I= -
4 4
.
+
. . # !
+ #
-
.
+ . !
#
!
8
## !
. +8
. !
*
$
+
#
# #
$
(
## + ##
!
" !
'& $
*
! '
+ 1/ "
!
" !
(
'
" '
'
' +
7
$
%
/
' '
1/
% &
" 0 ' 5 2
"0
'
'
" ' "
2
'
+
!!" %
A%!! ' #
+
!!" % 1 A2
#
" # '& % % %!!" % !
# #
A%!! '
& %!!" %
!
& "
A . # '& . #
$ %!
=
$
% .
#
&$ %'
.
! +$ %
#0
$ 8($ #
#
#
. 8 #
+
#
-$ %
#
+
#
$ % !-
+$ # +7 #0
! -$ %
. .
+
$ % !$ %
# #
* #
-
,
-
!
# 4
!
A%!! '
$ % . !
) +;
)+
.
+
#
.
#
# #
#
!
# !
#
#
# !
#
!+
!
" !
?
/
"
' "
" 9//
' "
0 1 / 2
8
!
/
19// 2
! $ %
#
+
!!" % "
-,*
%
+
'
( (
+ (
"
* -
"
(+ -++ "
- ++* ++* + * + ,
"
+
7
+ "
6
++
( '
,. -
!
" !
$
% &
'
-
* # 9 &
1
1
1
&
% %!!" %
&
% %!!" %
#
%'
&
% %!!" %
#
%'
# '2G
# A%! % ! 9 &
A%!! '
# '2G
# A%! % ! 9 &
.
$
# '2G
# A%! % !
(
/
7
.
4 $ %
-! #
+ JIII $ % # $ % -!
#
-!
.# !
JIII
;
$
# ;
$
+
;
# !
#
#
JI+ $ + ! ! # !
+
?
'
"
" '
8
"
#
#
! #
'
!
"
'
! $ %
! +
8
#
#
!
+ $ %##
## $ %
!
'&
+8
#
+
##
* " %
! ' !' "
5
"
'
!' ! !" !" ! ! !
'
' ! !" !
! ( (! " ! 6 0 7! ! ' ! ! " ! " ! 7
"
! ! ! !
:
! ! "
" ! ! (! 6 ! " !
!
! !
'
"
'
6
?
7!
!
! ' !
"0 6
( !
8 #
0
'
,++(+
"
#
;
"0
<'
A%!! '
# # + #
.
-
# #
#
-
# !
#
#
2
+
#
-! #
+ -
# #
! JIII
#
# JIII
;
$
+ ;
#
!
# K@3+KLJ+I+I #
!$ % # # +
# $
;
# # JIII; $
JI ;
. $ % 3? &
! # ?
' '
# #
+ !
' '
# 3?
!
!
-
! ;
% $' ;
+
' " '
!
8
# $ %
$
$
"
+
"
%
" ''
##
!
)
$ %+
!
" !
$
% &
'
.
* !"% 9 &
A
# '& %
G
, #
$
9 &
%"" !
%!! '
#
%
G
, #
$
9 &
!
%!! '
#
%
#
%'
%!! ' # %' !
%
#
%'
%!!" %
G
, #
$ ! %!!" %
" ' 0 $ " 2
$ $
%1 $ 1 $
+
( $
( "
3
##
! +
$ %
#
-
>D>
!
'&
##
*
! '
!
(
'
' " ' "
"0 '
' "
!
" !
* #
!
9&" +
! !!" % 9 &
1
3
9&"
"
# '2G
4 $$5* ) "(
# * #
3
$ %!!" %
# ; "" )
#
%!!" .
!
%
) "
4 $$5* )
"
*
!
#%
% "% " !
" ) % .
) . '"
" # "( " # "(
% . " %" '
%
# '& % " !
!
"% .
$ %&' " $ %&'
$ "
:
# !
!
'
$
!
!
+
!
# +
-
& + 7 # !- ! ! ! #
+ !
#
$ -
.
$
.
#
+8
!
8($-
-
+ !
#
# + # #
+ -
## #
##
#
#
+
!
## M
!
" !
$
N
% &
M
N
'
(
'&
*
%
!
3 "
' %
'
!
'
"
/ 5 ' ' &.!! & ! # !! $ !! $= =! $ ! ! !! >" ! % ( ! # !! %"
J
K ##L
1$ %"
%&.
%"J
= ##L
##
1$
1$ ' / "
(
"" 2
"" &
2
"
''
0 0
'' '
'' ' 0
2/ '
" 5 4 "
'
! / !0
0 / ' "
!
6
!
. "
.!
: !! %"%&. !
!
' '
!
!
! %&.
!
%" 0 " ! %&. %"
!
54 "0
'
" 0
!
0
' 43
" !
! 9 &
1
9&"
B% %
# '2G
) ) #
"
% % "
#
6 7 3
3 4 $$5* ) "( *
"
"
#
( '
"
#
$ %&' "( $ %&'
"
#
$ %&'
1
$
% .% . %
"
6 7 " (
+
1 !
?
+ !- !
#
' !
0
6
> !
>
6 !
' 9//
/
&
6
!? A ' " !
1 M
$
' @ 6
0
##
! 0 0
?
!
" !
-
?
!
!
! -
#
!0 $ ! ""
%
& 0 / !
8
+1 ! !
#
8
+
'
?
! #
!+
. + !
4 $$5*
% &
N
M
'
N
((
'&
*
%
!
3 "
$ !
'
% %"
%"
' %
K ##L
1$
%&.
%"J
= ##L
6 2
##
1$
1$ ' / "
"" 2
"" &
>'
"
%"
(*
9//
' " 9//
J
''
' % ' 1
> !'
?
" 5 4 "
/
'
"
0
6
"0 2
6
0
'' '
'
! / !0
"
'
?
0 0
'' ' 0
2/ '
!
0 / ' "
!
6
0
?
0
6
!
'
' '
!
!
! %&.
!
%" 0 " ! %&. %"
!
54 "0
'
" 0
!
0
' 43
" !
! 9 &
1
%
9
3
4 $$5*
" . ), 4 $$5* ) "( *
3 " ""
'
)
9 " ( #
&
"
#
# '2G
) ) #
9&" !!" %
#
! !
'%
&
$
!
#
% !
# .
&
$ %&' " .
%
*
,
$$
"(
<
: #
$ # # :$
&:$ ' +<
#
#
-
#
-
# . + 7
# #
#
# -
#
:$
# #
#
!
# +
#
#
!
!
+
# 7
#
#
-
+
!
##
:$ M
N
M
'&
N
*
!
3 " % ! !
'% M &
%
'
%
'
' 2
'
"
%"
J
K ##L
0 '
1$ "
% 2
" !
"0
' 7 @
$
!
'"
6
'
' "
" " '' '
% &
" "
"0
0 0
""
!
'
! "
1$
/
'
! '
!
!
'
"
! %"
' ##
(+
%&.
%"J
= ##L
1$ ""
&
1$ '' "
(,
2 '' ' 0
'
!
2/
5 4 "
"
!0
! /
' "
0
' /
! %&. " ! !
"0
%"
0
%&.
54 '
" 0
!
%" '
'
0 / 43
" !
! 9 &
1
9&" !!" %
#
A+
# '2G
) 3 #
4 $$5* ) "( *
" %"" %!!" %
3
$ # "" )
4 $$5* )
' " '%"
"
% .
A+
) * + E@ ? 6E4 6E4 A 4 ? 9 E+ A4 E?* A4 % . F9 I # # . % " . %"" A+ # %"" )
"
%"
#
% . %
%"
&"
%""
% "
C + 9
. $ %
+
&'$ $
,!
.
$ %&'
=
% $ ! . ! # : $ -: > -
% $ ##
##
##
% $ ## ! ## - >D$7- ;>) - ;>)$- % )- 7 %)6: <+
+ ## ( %)- >7(-
!
## M
'&
*
%
' % '
K ##L
1$
%"J
= ##L
2 ##
1$
"" 2
"" &
1$ ' / "
!
" !
''
' %
"
%" %&.
M
N
!
! J
$- 58 -
% $ N
3 "
%"
+
'
"
'
' 0 0
'' '
'' ' 0
2/ '
!
'
" 5 4 "
! / !0
$
% &
0 / ' "
!
!
' '
!
!
!
! %&. !
%" 0 " ! %&. %"
54 "0
'
" 0
'
0
' 43
(-
! % ( 9 &
1
9&" %'
# %
# '2G
$
%
-
" #
$
#
%
*
% % (
"
' # %'
.
!% ( #
%, N &
#
#& %
& N
.
!% (
" # $ %
" . # %'
$ .
'
.
$ & % %. .
$ %&' !
"
!% (
" . # %'
.
!
=
( #
$
.
+>
# .
!
# )
-
.
+
!
!
# #
#
.
#
# -
'
$
$
. +
#
7
#
.
#
+7 #
#
. #
8 &
.
. # ! # !
+
#
# #
+
#
#
+ ?
"
0 '
/ '
" "
''
!0
6 '
'
" "
"
'
' "
6
'
!"
' "
! .. +
# #
# ' #
. #
#
C
# (
.
! ! ##
+8
#
+> #
#
!
!
#
& .
' " ' " "
# #
! # !# + !
!
" !
!
##
*
'&
# %'
'
%,
' 5
'
%
%
'
' '
' '' B 0
" !
#
"
" "
" % " " "0 ' ' " 1 2 "0 6 6 0 ' 6 ' + / ' ' "0
'
6
'
! '
% "
'
"
< "
!
.
!
3 "
&
$
/
"0
"0 B '
"0
A "0
$
" '
6 !' " 0 0
''
"0
+, " "
"
%
' ( !
% &
"
6
0
' '
/
0
!
0 6
! '
0
"0
: 0 ,!
"
'
! 0
0 '' "0
(.
! 9 &
9&" #%
% .
4
!!" . )
+
!!" %
9 &
1
!
%
9&"
#%
# '2G
3 #
!!"
" " #
%
# # !!"
.
!
&"
$ %&' $ % $&' !
%
$
&"
4
" 5
#%
9 #%
O
% ..
==
!
##
#
+8 +
#
!
'&
##
##
* 3 "
! ' 0
&
*
#
'' 0
''
!
" !
H
%" 9&" # !!" ' ! 9&" % . 4
#
#%
$
) !!" " ! ) !!" ! #
""
%##
4 &" %
$
%
$ %
% .. . %##
%$$ .
% ..
%$%##
#%
) !!" 4 $ % .. . %"" %## , ! %## A 2 ! . -
$% 1 &
%$=/
!
) #
*
#
+ )
!
■ O
!
O
!
O
!
)
!
#
+ +
■
) &
!
" !
%$'
!
$
+
% &
'
*
E,% !" ) +
%""
& & & & .. ## """" %"" %" %"" ' ' %" + + ## """" %"" %## %"" A A %## ## * $ * $ ' ' ""
=
#%
%% . . * *
.
&
O
O
& & . . """" %"" %"" A A %% . . 6++ 6++ == ## * $ * $ '' "" ##
%## %##
.
%## %##
""
=3
# +
-
. !
!
#
8($
$
& +
# #
&
KI+I+I+F+
'
%$
.
*
#
!
-# '-
! #
!
. KI+I+I+I # + %$
.+ ;
+
!
" !
$
&
" "
# #
#
#
"
#
O
O
: :
-
.
# # #
#
&
!
+
% . *
$ %&' + $ %&'
#
" " "
.
$ %&' $ %&'
# '&
"
& . + %##
$ %&' $ % $&' $ % $&'
!!" %
;: <0 ;: <0 "( %##
( % .
4% .
%##
#
+
+
$
$
.
+
(
9 : %
!
&"
;: <0 "
$
.
#%
%
% .
. =5
# !
#
!
!
2
# $
-
8($
! Define CBAC inspection rule OUTBOUND covering generic TCP and UDP sessions.
! The rule has no effect until it is applied to an interface with "ip inspect OUTBOUND in|out".
Router(config)# ip inspect name OUTBOUND tcp
Router(config)# ip inspect name OUTBOUND udp
!
2
)
#
$
#
KI+I+I+I
.
!
! ACL 101: permit IP packets sourced from 10.0.0.0 with wildcard 0.0.0.255
! (10.0.0.0 - 10.0.0.255) to any destination.
Router(config)# access-list 101 permit ip 10.0.0.0 0.0.0.255 any
! Explicit catch-all deny. Every IOS ACL already ends in an implicit deny, so this
! line mainly makes the policy visible and gives dropped packets a match counter.
Router(config)# access-list 101 deny ip any any
!=
!
)
! Bind inspection rule OUTBOUND and ACL 101 to packets arriving on e0/0.
! NOTE(review): ACL 101 only permits 10.0.0.0/24 sources, so e0/0 is presumably
! the inside-facing interface - confirm against the topology figure.
Router(config)# interface e0/0
Router(config-if)# ip inspect OUTBOUND in
Router(config-if)# ip access-group 101 in
!
" !
$
% &
'
*(
& . + %##
"
#
#
#
O
O
-
!
#
$ %&'
"
#
"
#
$ %&' ,,, $ %&' &
# # #
.
+
%##
+ + (
% .
$ %&' $ % $&' $ % $&'
!!" %
.
=<;: <0
"
" " "
&
$ %&'
# '&
#
.
4% .
A % . 6++
$
+
+
$
=
#%
% ..
9 %
!
+
%##
&"
=<;: <0 "
&
.
=:
# !
#
!
!
2
#
-
$
! Define CBAC inspection rule INBOUND for generic TCP sessions only;
! this rule does not inspect UDP or ICMP.
Router(config)# ip inspect name INBOUND tcp
!
2
)
# KI+I+I+F
%$
;
$
!
#
! ACL 102: the only traffic admitted is ICMP and TCP port 80 (www) destined for host 10.0.0.3.
! "permit icmp" with no message type admits every ICMP type; naming only the types
! actually needed (for example echo) narrows what reaches the host.
Router(config)# access-list 102 permit icmp any host 10.0.0.3
Router(config)# access-list 102 permit tcp any host 10.0.0.3 eq www
! Explicit catch-all deny (an implicit deny already ends every ACL).
Router(config)# access-list 102 deny ip any any
!=
!
)
! Bind inspection rule INBOUND and ACL 102 to packets arriving on e0/1.
! NOTE(review): ACL 102 accepts any source address, so e0/1 is presumably the
! outside-facing interface - confirm against the topology figure.
Router(config)# interface e0/1
Router(config-if)# ip inspect INBOUND in
Router(config-if)# ip access-group 102 in
**
!
" !
E,% !" ) +$
%""
& & & & .. ## """" %"" %" %"" ' ' %" + + ## """" %"" %## %"" A A %## ## * $ * $ ' ' ""
%% . . * *
.
&
O
O *AP
:
#%
%## %##
.
O
5 *AP *AP - & & . . ## """" %"" %"" A A %% . . 6++ 6++ %## "" :: 55 %## ## * $ * $ ' ' "" =
# -
$
. (%P+ 8($
!
KI+I+I+I # . & KQ3+KL+I+3+
!
" !
!
#
# & KQ3+KL+I+3+
(%P .
# '
!
! #
$
' # %$ (%P + + %$ ; $
-# !
.
(%P
+
% &
'
*+
&
& . + %## .
&
O
" "
# #
#
#
"
#
-
.
" " "
# # #
#
: : !
+
% . *
$ %&' + $ %&'
#
;: <0 ;: <0 "( %##
( % .
$ %&' $ % $&' $ % $&'
!!" %
O
O
$ %&' $ %&'
# '&
"
*AP
4% .
%##
.
+
#
+
+
(
$
9 : %
!
&"
;: <0 "
$
.
#%
%
% .
. =<
# !
#
!
!
2
# $
-
8($
! Inspection rule OUTBOUND: track generic TCP and UDP sessions so that return
! traffic for sessions started by permitted hosts can be let back in.
! Nothing is inspected until the rule is attached to an interface.
Router(config)# ip inspect name OUTBOUND tcp
Router(config)# ip inspect name OUTBOUND udp
!
2
)
#
$
#
KI+I+I+I
.
!
! ACL 101: only sources in 10.0.0.0 - 10.0.0.255 may send IP traffic through.
! Packets with any other source address fall through to the deny below.
Router(config)# access-list 101 permit ip 10.0.0.0 0.0.0.255 any
! Explicit final deny; redundant with the implicit deny but keeps the policy readable.
Router(config)# access-list 101 deny ip any any
!=
!
)
! Attach rule OUTBOUND and ACL 101 to traffic entering e0/0.
! NOTE(review): presumably the inside interface, since ACL 101 matches
! 10.0.0.0/24 sources - confirm against the topology figure.
Router(config)# interface e0/0
Router(config-if)# ip inspect OUTBOUND in
Router(config-if)# ip access-group 101 in
*,
!
" !
& . + %## . O "
#
#
" #
!
+
%##
+
$ %&'
+ ,,,
$ %&'
# # #
#
O
O
$ %&'
&
" " "
.
=<;: <0
-
# 8 # 8 #
"
*AP
$ %&'
# '&
"
&
.
( % .
$ %&' $ % $&' $ % $&'
!!" %
4% .
A % . 6++
$
+ $
+
:
5
9 %
!
+
%##
&"
=<;: <0 "
$
&
.
#%
%
%.
. /
# !
#
!
!
2
#
-
$
! Inspection rule INBOUND covers generic TCP only; the ICMP permitted by ACL 102
! is filtered statelessly because this rule does not inspect it.
Router(config)# ip inspect name INBOUND tcp
!
2
)
# KQ3+KL+I+3
%$
;
$
!
#
! ACL 102: admit only ICMP and TCP port 80 (www) destined for host 172.16.0.2.
! No ICMP message type is given, so every ICMP type reaches the host; restricting
! the entry to the types required is the tighter choice.
Router(config)# access-list 102 permit icmp any host 172.16.0.2
Router(config)# access-list 102 permit tcp any host 172.16.0.2 eq www
! Explicit catch-all deny (an implicit deny already ends every ACL).
Router(config)# access-list 102 deny ip any any
!=
!
)
! Attach rule INBOUND and ACL 102 to traffic entering e0/1.
! NOTE(review): presumably the outside interface, since ACL 102 accepts any
! source address - confirm against the topology figure.
Router(config)# interface e0/1
Router(config-if)# ip inspect INBOUND in
Router(config-if)# ip access-group 102 in
!
" !
$
% &
'
*-
*AP - & . + %## .
&
O " "
# #
#
"
# # ,,, #
#
# # #
A
8 %##
% .
+
! !
A % . 6++
$
"
+
%##
+
$
:
8 8
+
5
9 % %
%
+
+
+ +
! (
%.
$ %&' $ % $&' $ % $&'
!!" % ! !
+
$ *AP
$ %&' &
O
O (
$ %&' $ %&'
"
" " " #
$ %&' $ %&' "
" "
*AP
.
% .%
" "
!
!
&"
" $
#%
/
# !
#
!
2
)
!
#
#
!
-
%$
#
(%P
! ACL 103: the only traffic host 172.16.0.2 may originate is ICMP (any type, to any destination).
! Any other packet matched against this ACL is dropped, so the host cannot open
! TCP or UDP sessions of its own through it.
Router(config)# access-list 103 permit icmp host 172.16.0.2 any
Router(config)# access-list 103 deny ip any any
!
2
) .
# KQ3+KL+I+3
%$
;
$
!
#
!
! ACL 104: admit only ICMP and TCP port 80 (www) destined for host 172.16.0.2.
! As written, all ICMP message types are admitted, not just echo.
Router(config)# access-list 104 permit icmp any host 172.16.0.2
Router(config)# access-list 104 permit tcp any host 172.16.0.2 eq www
! Explicit catch-all deny (an implicit deny already ends every ACL).
Router(config)# access-list 104 deny ip any any
!=
!
)
(%P
! e1/0 gets two ACLs: 103 filters packets arriving on the interface, 104 filters
! packets leaving it. No "ip inspect" rule is applied here.
! NOTE(review): presumably e1/0 is the segment where host 172.16.0.2 lives - confirm
! against the topology figure.
Router(config)# interface e1/0
Router(config-if)# ip access-group 103 in
Router(config-if)# ip access-group 104 out
*
!
" !
+
% .F
# ##
!
+
% . 9 &
G
, , , , ,
$ % $ )(
# * !"% "
-
# '& %
* #%
# '& %
% .
' .
( 8 >=>B: > 8 >=>B: > 8 >=>B: < >
> ? < 8 < 8C
#
1
?&@A#
1 !
&
#
1
&@A#
1 !
!&
! #
1
&@A#
1
&
/=
!
##
'&
*
! '
#'
'
"
#%
&
' Q. % "R
%
0
%""
'
& "
0
/
. %"6 &
&
!
" !
$
'
% &
0
'
0
6
%
6
'
0
*.
% . 9 &
( ( ( ( (
G
."% ."% ."% ."% ."%
# H
9 &
$" .6 .6 7 %" .
1
&'
(
% .
# '2G
( ."% #
" !
#
.
&'
//
!# +
##
#
!
##
'&
*
#&
. "
%
4
%
4
4
4 4
! & & & &
' " &
4 . %" .
+
>D> +
##
5
"
0
'
" $0A
0
'
0A
0 0
" $0A
0
'
0A
0
0
& 6
'
0
&
"
0
&
" "
0 "
"
& ' "
&
' " ' 0 '
0
"" ""
0
'
0
'
&
0
! !
6 A
&
0
!
C /
'
0
!
" !
9
9 &
1
# '& %
# '2G
# 9 # 9
%"" '" $ . #%&"
# * "
%"
&
%"" ,
# 9 "
# '& % % . $
$ ".
'
%"" %
% ..
%
%
/3
8
##
#
-
# # # -. !
!
" !
! #
+
-
-
$
##
+
% &
'
+
4% E, 9 &
)
# '&
-
#
% !
+
!
#
. !+
■
+
■ ■
(
! !
■
+ +
4% F &%" !
!
#
+
+
!
" !
4% F &%" NI & ! . & "" % ( N 33 33 33
: =
-% ( ; O +
3
: = O %"" O =
;
. O + &. ( % /:
+% ( )
# '& !
!
4 '' ' % . &. + % "
.
-
!" !
!
! #
!
! +
#
-
!
! Enable logging and send syslog messages to host 10.0.P.3 (P is the pod number placeholder).
! Classic syslog travels over UDP without authentication or encryption, so the
! syslog server should sit on a trusted segment.
Router(config)# logging on
Router(config)# logging 10.0.P.3
& !=
$R
#
'
> Router(config)# ip inspect audit-trail
!
!/
#
! Leave configuration mode and save the running configuration so it survives a reload.
Router(config)# end
Router# write memory
+% ( ) * # !
!
% . !!"
!
9&"
-
% . $
4 $
! Inspection rule FWRULE: inspect generic TCP and FTP, each with a 300-second idle timeout.
! Idle sessions are removed from the state table after the timeout, which closes
! the temporary return openings created for them.
Router(config)# ip inspect name FWRULE tcp timeout 300
Router(config)# ip inspect name FWRULE ftp timeout 300
!
( 222'+
%$
&
$
.
! ACL 101 (its remaining entries follow after the page break).
! "permit icmp any any" admits every ICMP type from any source to any destination.
Router(config)# access-list 101 permit icmp any any
! "eq ftp" matches the FTP control port only; the data connections presumably rely
! on the "ip inspect name FWRULE ftp" rule - confirm when testing.
Router(config)# access-list 101 permit tcp 10.0.P.0 0.0.0.255 any eq ftp
!
" !
$
% &
'
+(
! Remaining entries of ACL 101: web traffic from 10.0.P.0/24, then drop everything else.
Router(config)# access-list 101 permit tcp 10.0.P.0 0.0.0.255 any eq www
! Explicit catch-all deny (an implicit deny already ends every ACL).
Router(config)# access-list 101 deny ip any any
& !=
$R
#
'
( 222'
%$ S
Router(config)# access-list 102 permit eigrp any any
Router(config)# access-list 102 permit icmp any any
Router(config)# access-list 102 permit tcp any host 10.0.P.3 eq ftp
Router(config)# access-list 102 permit tcp any host 10.0.P.3 eq www
Router(config)# access-list 102 deny ip any any
'
!
!/
! Apply inspection rule FWRULE and ACL 101 to packets arriving on ethernet 0/0.
! NOTE(review): ACL 101 matches 10.0.P.0/24 sources, so this is presumably the
! inside interface - confirm against the lab topology.
Router(config)# interface ethernet 0/0
Router(config-if)# ip inspect FWRULE in
Router(config-if)# ip access-group 101 in
!
!3
! Apply the same inspection rule FWRULE, together with ACL 102, to packets arriving on ethernet 0/1.
! FWRULE is therefore inspecting sessions initiated from both sides of the router.
Router(config-if)# interface ethernet 0/1
Router(config-if)# ip inspect FWRULE in
Router(config-if)# ip access-group 102 in
!
!5
#
! Leave configuration mode and save the running configuration so it survives a reload.
Router(config-if)# end
Router# write memory
+% ( =) +
% .F #
-
.!
!
Router# show access-lists
#!
!
.
##
# -
.
C:\> ping 172.30.1.50 Pinging 172.30.0.50 with 32 bytes of data: Reply Reply Reply Reply
!=
8
from from from from
172.30.1.50: 172.30.1.50: 172.30.1.50: 172.30.1.50:
! 2 #$$%&'()*(%(+*
time=34ms time=34ms time=34ms time=36ms
TTL=125 TTL=125 TTL=125 TTL=125
. 8:) .
!/
bytes=32 bytes=32 bytes=32 bytes=32
$
2
+>
+ !#
$
C:\> ftp 172.30.1.50 ... User (10.0.0.3:(none)): anonymous ... Password: user@
!3
+*
(
!
!
!
!
" !
ftp> ls
!
!5
-
Router# show ip inspect name FWRULE
Router# show ip inspect config
Router# show ip inspect interfaces
Router# show ip inspect sessions
Router# show ip inspect sessions detail
Router# show ip inspect all
.
##
# -
!
*
C:\> ping 10.0.Q.3 Pinging 10.0.1.3 with 32 bytes of data: Reply Reply Reply Reply
8
from from from from
10.0.1.3: 10.0.1.3: 10.0.1.3: 10.0.1.3:
bytes=32 bytes=32 bytes=32 bytes=32
! 2 #$$%*(*(,()
8:)
5R
#
&
!
!
time=34ms time=34ms time=34ms time=36ms
TTL=125 TTL=125 TTL=125 TTL=125
!
*
*
+>
' $
!#
$
C:\> ftp 10.0.Q.3 ... User (10.0.1.3:(none)): anonymous ... Password: user@ (where Q = peer pod number)
!<
Router# show ip inspect name FWRULE
Router# show ip inspect config
Router# show ip inspect interfaces
Router# show ip inspect sessions
Router# show ip inspect sessions detail
Router# show ip inspect all
$
% &
'
++
&
% ##
0
!
+
&
# &
% & $% ! " %& $
-
!
%
## %& # . , % .% % ! , % . &
. # % !
( $ &'$ % ' %'% *
"" '
& % . % % (
/
+,
!
" !
■ ■ ■ ■ ■ ■
!
■
""
#
!
%
!" ! #
% " #* #
!$
# $ $%! & "" $ # "" ' % ( )
% %& $
#*
$ ,
%
&
! +
%& $
%
%
%""
#*
$
%& $
%
! +
$
" '
( # -% #
$ # '&
! %""
" %
&!!
.
/$ %""
!
" !
.& +
$
&$
0%
&
2
%$# 3// #
$
%
%& $ !
.
%
!
%
%& $ % 4% .5 *
# %!!" %
#2 ( % & & . %## #
&
%/
%""
&
%
% !
0% "
# 6%" . #
&$ +
. %& $
.
%
#%
%##
! #
'
&!!
% .
& . . 1
"
(
' %
!
) #
!
) %* )
! )
!
! ! " )
,
'
)
"
" / 01
"" %
2 " "
!
" !
)
%
+
- 3
( !
* .)
' -
.
-
.)
%
! -* )
$
.)
(3 4 *
%
%
&
'
2$% $
7
+
,
)
%
) 5
!
) !
(
"
% 5
, "
)
!
%
!
" !
&$ + :& %
% ! %
+
! " 9 3// # % ; % . %' 5;
$
+ %& $
=
%& $ %
+ !" 3/<; % . ' % . !% .
$ " $ &
% $ . " %. ! #" % . % ;
0% .
% % 1
+
#
%
%'
$ " $ % .
9
5;
& 8
+
,
)
% !
'
%
) 5
!
) " 1
% 5
, "
"
! "
%
) "
!
.
!
!
%
% "
) "
-
.
%3
#
)
-
6.
.
" )
. )
'
"
!
%
"
)
"
#
% ) " "
) "
)
%
"
"
,
% ) #
. "
% "
) "
%
" " !
)
"
" ' %
#
%+ "
)
"
,
% !
" !
$
%
&
)
&!! /
. 4
&& -/ -/
5 *
&& -? ?
//
%%
&& -/ -/
44
;;
&& -? ?
''
..
>
"
■
" ""
7
+
* -
■
/ "
2.
-
.
(* . 1* 8 -
7 7
-
(1* 8.
2 0
(
1
7
+
7
1* 8 -
-/ 0 1 . * -
(* . (1* 8.
7 7
*
!
" !
&$
% # '& %
.. ;; .. %% %% .. %## %## $$ .. %% $$
##
""
((
.. ;; "" .. %% %% .. %## %## ## $$ && ..
##
.
&
&& && .. A A %% "" $$ %& %% !! ++ %& $$ !! %% .. 3// %## $$ 3// %## ## ..
+
((
.
&& .. A A %% "" $$ %& %% !! ++ %& $$ !! %% .. 3// %## $$ 3// %## ## && ..
@
(
% #
5
!
5
!$
!
%
)
5
%
,
% " (
)
! ,
'
)
!
5 %1 %
,
!
" !
%
$
%
&
+
# '& % # /% ( )
/% (
# '& %
# /% ( )
# '& %
$
&
- A % " -
!
#
!
"
- * # -
""
%##
- A % " # /% ( =)
$
&
&$
%
-
. #%&" ."
-
%
9 3// ! +
% . %!!" %& $
# /% ( 1) 6
#
$
# # '& % %
!
$ +
&
&"
# '& %
' ■
'9
■
': 7
6 !
7 7
0
7 7
6 !
# ,
';
■
"
7 7 ■
,
'< 4
!
" !
# '& % %
%
%& $ ! + -/
A A %%
"" (( && %.. %..
%%
) % % %
" " ! )
!
"
'
%
% "
!
*
" % '!
!=
" %
6
!1
"
'!
% '
!7
!
" !
%
$
%
&
$
%
&$
#"
""
0% -/
%% " "
""
.. A A ;; %!!" %!!" %# %# && %& %% %& $$
&& $$
%% .. $% $% '' "" (( '' ." ." // 0 0
%%
! )
!8
A $$ A !! "" '' "" "" ## $$ && BB && 77 ## %"" %"" &&
'
%
=
!>
"
%
"
% '! %
!@
'!
! !
6
! "
!
6
" " -"
" !
%
'
!
! 9>
'! % .
"
% %
!
" !
&$
0%
#" $
% # * # #
&
$ %""
% " !
%..
-
$ &
"
% ..
%
%..
%" %
!"%
.
$
&
$ $
%..
#$
%( ' $
:&
"# " # /$ !
" ' "
"
&
7#
%"" &
! "# " =
1
! !
% !
/ 01
2
!
(
%
" ""
% % " '
5 % "
"
!
! proxyacl#n=permit protocol any any | host ip_addr | ip_addr wildcard_mask [eq auth_service] '&
*
!
1
! &.!
%
2
" 3
!
& 2
% &
4
$
&
6
&
% "
" !
5
6&
1
!
&
& "
:
!
!
9>
% $
%
&
# '& % ' !
%
A % "
5 &
C
# 'EF
# # A % " $ $ & . % " .E
#& C. #%&" D
%"
7
1
! "% 1 %
" -
"
!
"" "
&
. . 2
%
""
!2 4
&
! !
%
2
&
""
""
&
2
!
.
&2
! !
""
" !
"
"" 3
"
)
" !
"
% !
%
!
" !
!
5 &
C
#
&$
%
"
# 'EF
' % # * # &
$ "
# %& $
%
$ .
%$""
.
- < $ . )/
(
'
&
)
4 5 *
$
'*
'
'
+
8
) ""
%1
"
! !
""
% "" "
#
$
" '&
# *
!
2 %. & !
!
" !
$
$
7 % %
.
%
&
4!
'
! 5 &
C
#
&$
, $
#
- < $ . )/
)
'
& % ( $ .
#
(
"
# 'EF
% #
0%
.
% " %& $
4 5 *
%
+
$
'*
,
'
!
#
+
>
""
%1
) "
! ""
!
%
"" %
" %
'&
# "
# *
$
!
2 %. & !
(
$
4 .
7 % %
!
4!
" !
* #
%/ % .
5 &
C
#
( (
"
! # %..
5 &
$ /
C !
) )
G
# 'EF
# #
4
4
# 'EF
#
"
-
#
$ /
4
'* '*
# #
(
" "
-
@
2 !
""
) "
%1
%?
""
"
""
% "% ""
'&
*
! &
2
/
' ! &
-
2
! ' % 2
""
6
"
%1
"
"
" !
&
!
6 &
""
!
6
8 6 "
!
""
)
3
6 " 6
& 3
" 6
6
$
%
&
)
&
""
& & '&
* 1
*
! &
!
" !
* #
%5 * % . G
5 &
C
# 'EF
# #
"
! # %..
5 & #
C
$ 5 *
# 'EF
!
#
"
-
#
$ 5 *
(
( (
) )
'* '*
# #
" "
/ 01 ""
%1 "
%?
-
) "
-
"
!
""
"
""
% "% "
""
" " '&
*
! &
0 9:
' ! &
-
! ' % 2
""
6
"
/ 01 )
%1
"
"
!
" !
&
!
6 &
" ""
!
6
8 6 "
""
3
6 " 6
& 3
" 6
6
$
%
&
+
" "
&
""
*
!
& "
'&
&
1
,
&
!
" !
"" #
% $ # -
%
;
!
/
4 %##
$ #
$
%"" &
- *
%.. %
# <%
%
# *
%""
#
/ %## 5 & D %.. !
D
#%
$
$
.
<
$
%##
!!" $ .
;
$
#%
(
)
'*
#
(
)
'*
#
( ( ( (
) ) ) )
'* '* '* '#
# #
$
.
$
$
!
. *
#'
" / 01
"
2
%
1 @
■ ■
0
■
A
■
0
@ "
A
■
!
" !
$
%
&
A % "
$ 5 & #
5 &
C
9 3//
# 'EF
" # A % " 5 &
C
#
) )
$
&
# 'EF
$ 3// $ . -
( (
$ 3//
+ & &
%& $
%
$ 3// $% "
'* '*
% #
"
)
""
, ,
! ""
" '
!
" !
% "" ""
"
% ""
""
"
%
&$
%
+
# '& %
%
* #%&" ." /
5 &
C
# 'EF
# #
(
&$ &
#
0% % $ C. #%&" D 8
) #
# & %"& & E
'* #
#
=
"
-
"
)
"
" ! "" -
)
.) ""
%
)
"
% %& $ % $ " & % " 5! " . " & 5 " ! ; !. &
&
% <
; "
.
;
" "
! &
%
"
; "
&
""
!
" !
$
%
&
& %
8
'&
*
! & "
= ! (+!(,'!*(+ 2
5!
& " ! ! "
"
! &
&
&
&
* "
!
" !
&$ 5 &
C
* #
# 'EF
# #
% # 5 &
% . !!" % + 5&"
#
%
% %& $
C
# ' #EF
& 0%
! +
&"
0%
! +
&"
# #
!!"
% %& $
-
&
-
( ( (
& . %& $
%
& . %& $
) ) )
'* '* '#
%
#%
%!!"
%
%!!"
&
.
#%
.
#%
# *
# 1
) "" % "" %
"
!
"
) "" #
'&
*
$
!
= %& $ % $
"
>$
" &
?$ " & "
&&
* & &
3 %& $ % $
""
%
" .
% % " ! " = ! (+!(,'!*(+ 2 & ! %& $ ! +
) )
"
"" ""
%
"
%
""
!
" !
$
%
&
'
'&
*
! &
%
(
%
""
" & .
&
&
2 %& $
!
% %
!
" !
+
&$ 5 &
C
$
%
+ 5&" ;
# 'EF
# #
%
% %& $
(
)
'*
(
)
'*
( (
) )
'* '#
0%
!
+
&"
$% %
"
# # *
# 7
?
) % )
!
"" )
% ""
"
" %
""
'&
*
!
=
"
"
&
&
!
" !
" & % % .A
$
* < & @22
%
" ! &
&&
%
&
!
)
/
% .6
#
$
# '& %
%
% . 5 &
C
# 'EF
# #
'
# # * !"% % $ &
%
# '& % %
# %& $
!
% . +
>
1
!
""
)
) % !
!
'
'& % $
# '& % %
*
"" ' * 5 "
!
&
!
& %
9 9
". !
% ! &
@22 B= 2 ;! %
%
&
&
%
!
" !
% . 5 &
C
# 'EF
'
#
'
#
'
#
'
#
/
#
'
#
/
#
'
#
'
#
'
#
# 3 "!
$
#
& "
$
' @
" "
"" '
'&
'
'
*
#!
9
#&
%
$ !
. "
" !
(
"
'
'
2
%
% & @22
%
9
%
9
!
9
"
9
'
!
& %
&
2
%
2
9
!
'
9 9
%
(
% %
$
"
%
&
+
" % $
5 &
C
&$ % + % $
# 'EF
# #
" %
%& $
%
0 $ ! +
#
1 $
&
"" )' '& H
*
!
"
,
%
" !&
%
!
&
&
!
&
!
" !
;% A+ +
)
# '& 5 &
%
"
&$
%
! %
!
"
' *
■ ■ ■ ■
;% * %' % " !
%
;% * %' % D -
. & % ( D 77 77 77
> = 7
J% ( 2 I / I/ /
> = I
?
%""
I
= . 2
( % I / I/ /
=
!
" !
$
%
&
/% ( )
# '&
& '
!
-/
)
"
'
!
'
(
%
"
% ' *+ +
!=
,
-
% *
!1
%
*
!7
.+"
!8 !>
'
!@
'
" *+ +
/%
!"
% =
!
0
!
' 1"
,
!
%
-
=
(
B= (
!
! !
'! '!
% %
%
auth-proxy
'!
6
%
C
%
'!
!
( "
"
"
'!
!
"
!
proxyacl#1=permit tcp any any priv-lvl=15
'
! =
!" =
/% ( )
%
# '& )
!
%+ "
!
"
Router# configure terminal
!
! Switch the router to the AAA access-control model; the aaa commands below depend on it.
6 ! Router(config)# aaa new-model
! Login authentication uses the TACACS+ server group only. No fallback method (such as
! "local") is listed, so logins that use the default list are refused whenever the
! TACACS+ server does not answer - plan console access accordingly.
!= Router(config)# aaa authentication login default group tacacs+
! Auth-proxy authorization (the per-user proxyacl entries) is also fetched from TACACS+.
!1 Router(config)# aaa authorization auth-proxy default group tacacs+
!7
0
2
'
! Point the router at the TACACS+ server at 10.0.P.3 (P is the pod number placeholder).
Router(config)# tacacs-server host 10.0.P.3
! Shared secret; it must match the key configured on the TACACS+ server.
! "secretkey" is a lab value: outside the lab use a long random key, and treat the
! configuration file as sensitive because the key is stored in it.
Router(config)# tacacs-server key secretkey
@
"%.
!8 Router(config)# no access-list 101
'
!
" !
0
!>
% +++.% 3
'
Router(config)# access-list 101 permit tcp host 10.0.P.3 eq tacacs host 10.0.P.1
Router(config)# access-list 101 permit icmp any any
Router(config)# access-list 101 permit tcp 10.0.P.0 0.0.0.255 any eq ftp
Router(config)# access-list 101 permit tcp 10.0.P.0 0.0.0.255 any eq www
Router(config)# access-list 101 deny ip any any
(where P = pod number, and Q = peer pod number)
6 !
!@
# ,
! Turn on the router's built-in HTTP server.
! NOTE(review): presumably this is what serves the authentication proxy login page - confirm.
! The server speaks plain HTTP, so any credentials submitted to it cross the network unencrypted.
Router(config)# ip http server
! Make the HTTP server authenticate users through AAA (here, the TACACS+ method list).
Router(config)# ip http authentication aaa
/% ( =)
# '&
&$
%
+
0
!
! Authentication proxy rule APRULE: triggered by HTTP, with a 5-minute authentication cache time.
! No ACL is attached to the rule ("http list not specified" in the show output),
! so it is not limited to particular hosts.
! NOTE(review): presumably a user must re-authenticate once the cache entry times out - confirm.
Router(config)# ip auth-proxy name APRULE http auth-cache-time 5
!
! Apply authentication proxy rule APRULE on ethernet 0/0, then leave configuration mode.
! The earlier labs on this page also bind ACL 101 to this interface, and in this lab
! it carries the entry that lets the TACACS+ server reach the router.
Router(config)# interface ethernet 0/0
Router(config-if)# ip auth-proxy APRULE
Router(config-if)# end
/% ( 1) /
% .6
#
)
!
!
&$
%
!
+ ""
' !
"
'
%
""
Router# show access-list Extended IP access list 101 __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ Extended IP access list 102 __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ __________________________________________________________________
)
!
!
!
' !
"
"" ""
3
%
Router# show ip inspect sessions __________________________________________________________________ __________________________________________________________________
1
!=
!
"" %
!
' !
"
""
Router# show ip auth-proxy configuration Authentication global cache time is _____ minutes Authentication Proxy Rule Configuration !
" !
$
%
&
'
Auth-proxy name ____________ http list not specified auth-cache-time _____ minutes
!1
1
!
""
%
!
' !
"
""
Router# show ip auth-proxy statistics Authentication Proxy Statistics proxied client number _____
!7
1
! %
"" !
' !
"
""
Router# show ip auth-proxy cache __________________________________________________________________
"
!8
'
""
" )
! '!
C:\> ping 172.30.1.50 Pinging 172.30.1.50 with 32 bytes of data: Reply Reply Reply Reply
!>
1
from from from from
172.30.1.50: 172.30.1.50: 172.30.1.50: 172.30.1.50:
bytes=32 time=34ms TTL=125 bytes=32 time=34ms TTL=125 bytes=32 time=34ms TTL=125 bytes=32 time=36ms TTL=125
+ !!
! '!
+ !
%
1/
http://172.30.1.50
!@
6
+ !!
"
"
Username: aaauser Password: aaapass
!
1 !
!
"" "
'
%
!
'
""
Router# show access-list Extended IP access list 101 __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ Extended IP access list 102 __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ On your router, use the show ip inspect sessions command to see CBAC sessions: Router# show ip inspect sessions __________________________________________________________________ __________________________________________________________________
'
!
" !
__________________________________________________________________ __________________________________________________________________ __________________________________________________________________
1
!
! %
"" !
' !
"
""
Router# show ip auth-proxy statistics Authentication Proxy Statistics proxied client number _____
1
!
! %
"" !
' !
"
""
Router# show ip auth-proxy cache __________________________________________________________________ __________________________________________________________________
!
" !
$
%
&
''
&
% ""
%
& # /$ # %&
%"" %& $ $ # "" '
&!!
-/
% %
! + !
" )
4
-5 * # #
%
%& $ %""
&$ % $ &'$ %& $ %
% . !
+
$ 3//
%
$ " ' %"" %"" %#
&
' ==
'(
!
" !
!
#
!
"
! !
$
%
%
&
" '
!
"
(
!
!
$ monitor> interface [num]
'
$
monitor> address [IP_address]
'
!
)
*$
monitor> gateway [IP_address]
+
$
monitor> ping [server_address]
,
$
monitor> server [IP_address]
,
$
monitor> file [name]
'
$
monitor> tftp
#
! " $
#
! # $00 "
1 !
"
. 0 ##.
-
/! 0
0 !
! *$
" "
" !
2
)##.* ) 0 0
!
! "
"
$
C:\> rawrite RaWrite 1.2 – Write disk file to a floppy diskette
!
Enter the source file name: pixXXX.bin (where XXX=version number) Enter the destination drive: a: Please insert a formatted diskette into drive A: and press –ENTER- : <Enter> Number of sectors per track for this disk is 18 Writing image to drive A:. Press ^C to abort. Track: 78 Head: 1 Sector: 16 Done. C:\>
%
!
! %
&
! 3!
" "
"1 !
!
#
&
"
!
"
$ ##. ) $00
! /! "
"
0
1 !
0
0
0
0 !
##.
-
% "
! /!
"
0
-
" "
##. ) $00
!
*$
0
!
!
*$ 0
0
0 !
"
" !
2
!
! "
"
$
C:\> rawrite RaWrite 1.2 – Write disk file to a floppy diskette Enter the source file name: bhXXX.bin (where XXX=version number) Enter the destination drive: a: Please insert a formatted diskette into drive A: and press –ENTER- : <Enter> Number of sectors per track for this disk is 18 Writing image to drive A:. Press ^C to abort. Track: 78 Head: 1 Sector: 16 Done. C:\>
%
!
&
! 4
% " %
! 3!
"
!
!
(
!
$
boothelper> interface [num]
'
5
$
boothelper> address [IP_address]
'
!
)
*$
boothelper> gateway [IP_address]
!
!
"
#
$
% %
%
&
+
$
boothelper> ping [server_address]
,
$
boothelper> server [IP_address]
,
$
boothelper> file [name]
'
"$
boothelper> tftp
! % !
'
% &
" 6! & "1 !
"
!
! " # ! "
! " # /! & ##. ) $00
"
&
%
"# $ !
/! "
"
1 !
0
0
0
0
0 !
##.
-
!
*$ " "
" !
4
! "
!
( $
!
"
C:\> rawrite RaWrite 1.2 – Write disk file to a floppy diskette Enter the source file name: npXXX.bin (where XXX=version number) Enter the destination drive: a: Please insert a formatted diskette into drive A: and press –ENTER- : <Enter> Number of sectors per track for this disk is 18 Writing image to drive A:. Press ^C to abort. Track: 78 Head: 1 Sector: 16 Done. C:\>
%
!
&
! 3!
"7
(
" Do you wish to erase the passwords? [yn] y Passwords have been erased
!
%
"
! " # /!
"# $
##. ) $00 1 ! !
! /! "
"
0
0
0
0
0 !
##. !
!
*$ " "
"
#
$
% %
%
%
8
%
! 3!
!
" %
!
!
%
%
&
"
'
!
$
monitor> interface [num]
'
5
$
monitor> address [IP_address]
'
!
)
$
monitor> gateway [IP_address]
+
$
monitor> ping [server_address]
,
$
monitor> server [IP_address]
,
$
monitor> file [name]
'
$
monitor> tftp
7
(
"
Do you wish to erase the passwords? [yn] y Passwords have been erased
!
(
%
"
!