·À»ðǽÊDZʼDZ¾³ö³§¾ÍÓеÄÂð

ÒѾٱ¨ »Ø´ð
·À»ðǽÊDZʼDZ¾³ö³§¾ÍÓеÄÂð
ÎÊÔÚÏß¿Í·þ
ɨÂëÎÊÔÚÏß¿Í·þ
  • »Ø´ðÊý

    8

  • ä¯ÀÀÊý

    4,915

8¸ö»Ø´ð ĬÈÏÅÅÐò
  • ĬÈÏÅÅÐò
  • °´Ê±¼äÅÅÐò

ÒѲÉÄÉ
µçÄԵķÀ»ðǽÊÇËæ×Å°²×°ÏµÍ³¹ý³ÌÖб»°²×°µÄ£¬²¢²»Êdzö³§Ê±¾ÍÓеġ£
È¡Ïû ÆÀÂÛ
²»ÊÇ£¬ÊÇװϵͳµÄʱºòÓеģ¬ºÜ¶àÈ˶¼¹Ø±Õϵͳ×Ô´øµÄ·À»ðǽװµÚÈý·½·À»ðǽµÄ
È¡Ïû ÆÀÂÛ
ÖØװϲ»¾ÍµÃÁË,È«²¿¾Í»¹Ô­Ä¬ÈÏÁË,¸²¸Ç¹ýÈ¥¾Í¿ÉÒÔÁË°É
È¡Ïû ÆÀÂÛ
ÄãÔõô֪µÀÊÇ·À»ðǽ°ÑLOL½ûÁË£¿
È¡Ïû ÆÀÂÛ
»ú×Ó±³ÃæÓа´Å¥£¬°´ÏÂÈ¥¾Í¿ÉÒÔÁË£¬È»ºóͨ¹ýºóÃæµÄÊý×ÖÖØÐÂÉèÖÃÃÜÂë
È¡Ïû ÆÀÂÛ
ÔÚPIX·À»ðǽÓÃÔ¤¹²ÏíÃÜÔ¿ÅäÖÃIPSec¼ÓÃÜÖ÷ÒªÉæ¼°µ½4¸ö¹Ø¼üÈÎÎñ£º Ò»¡¢ÎªIPSec×ö×¼±¸ ΪIPSec×ö×¼±¸Éæ¼°µ½È·¶¨ÏêϸµÄ¼ÓÃܲßÂÔ£¬°üÀ¨È·¶¨ÎÒÃÇÒª±£»¤µÄÖ÷»úºÍÍøÂ磬ѡÔñÒ»ÖÖÈÏÖ¤·½·¨£¬È·¶¨ÓйØIPSec¶ÔµÈÌåµÄÏêϸÐÅÏ¢£¬È·¶¨ÎÒÃÇËùÐèµÄIPSecÌØÐÔ£¬²¢È·ÈÏÏÖÓеķÃÎÊ¿ØÖÆÁбíÔÊÐíIPSecÊý¾ÝÁ÷ͨ¹ý£» ²½Öè1£º¸ù¾Ý¶ÔµÈÌåµÄÊýÁ¿ºÍλÖÃÔÚIPSec¶ÔµÈÌå¼äÈ·¶¨Ò»¸öIKE£¨IKE½×¶Î1£¬»òÕßÖ÷ģʽ£©²ßÂÔ£» ²½Öè2£ºÈ·¶¨IPSec£¨IKE½×¶Î2£¬»ò¿ì½Ýģʽ£©²ßÂÔ£¬°üÀ¨IPSec¶ÔµÈÌåµÄϸ½ÚÐÅÏ¢£¬ÀýÈçIPµØÖ·¼°IPSec±ä»»¼¯ºÍģʽ£» ²½Öè3£ºÓá±write terminal¡±¡¢¡±show isakmp¡±¡¢¡±show isakmp policy¡±¡¢¡±show crypto map ¡°ÃüÁî¼°ÆäËû¡±show¡±ÃüÁîÀ´¼ì²éµ±Ç°µÄÅäÖã» ²½Öè4£ºÈ·ÈÏÔÚûÓÐʹÓüÓÃÜÇ°ÍøÂçÄܹ»Õý³£¹¤×÷£¬Óá±ping¡±ÃüÁî²¢ÔÚ¼ÓÃÜÇ°ÔËÐвâÊÔÊý¾ÝÁ÷À´Åųý»ù±¾µÄ·ÓɹÊÕÏ£» ²½Öè5£ºÈ·ÈÏÔڱ߽ç·ÓÉÆ÷ºÍPIX·À»ðǽÖÐÒÑÓеķÃÎÊ¿ØÖÆÁбíÔÊÐíIPSecÊý¾ÝÁ÷ͨ¹ý£¬»òÕßÏëÒªµÄÊý¾ÝÁ÷½«¿ÉÒÔ±»¹ýÂ˳öÀ´¡£ ¶þ¡¢ÅäÖÃIKE ÅäÖÃIKEÉæ¼°µ½ÆôÓÃIKE£¨ºÍisakmpÊÇͬÒå´Ê£©£¬´´½¨IKE²ßÂÔ£¬ºÍÑéÖ¤ÎÒÃǵÄÅäÖã» ²½Öè1£ºÓá±isakmp enable¡±ÃüÁîÀ´ÆôÓûò¹Ø±ÕIKE£» ²½Öè2£ºÓá±isakmp policy¡±ÃüÁî´´½¨IKE²ßÂÔ£» ²½Öè3£ºÓá±isakmp key¡±ÃüÁîºÍÏà¹ØÃüÁîÀ´ÅäÖÃÔ¤¹²ÏíÃÜÔ¿£» ²½Öè4£ºÓá±show isakmp [policy]¡±ÃüÁîÀ´ÑéÖ¤IKEµÄÅäÖᣠÈý¡¢ÅäÖÃIPSec IPSecÅäÖðüÀ¨´´½¨¼ÓÃÜÓ÷ÃÎÊ¿ØÖÆÁÐ±í£¬¶¨Òå±ä»»¼¯£¬´´½¨¼ÓÃÜͼÌõÄ¿£¬²¢½«¼ÓÃܼ¯Ó¦Óõ½½Ó¿ÚÉÏÈ¥£» ²½Öè1£ºÓÃaccess-listÃüÁîÀ´ÅäÖüÓÃÜÓ÷ÃÎÊ¿ØÖÆÁÐ±í£» ÀýÈ磺 access-list acl-name {permit|deny} protocol src_addr src_mask [operator port [port]] dest_addr dest_mask [operator prot [port]] ²½Öè2£ºÓÃcrypto ipsec transform-set ÃüÁîÅäÖñ任¼¯£» ÀýÈ磺 crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]] ²½Öè3£º£¨ÈÎÑ¡£©ÓÃcrypto ipsec security-association lifetimeÃüÁîÀ´ÅäÖÃÈ«¾ÖÐÔµÄIPSec °²È«¹ØÁªµÄÉú´æÆÚ£» ²½Öè4£ºÓÃcrypto map ÃüÁîÀ´ÅäÖüÓÃÜͼ£» ²½Öè5£ºÓÃinterface ÃüÁîºÍcrypto map map-name interfaceÓ¦Óõ½½Ó¿ÚÉÏ£» ²½Öè6£ºÓø÷ÖÖ¿ÉÓõÄshowÃüÁîÀ´ÑéÖ¤IPSecµÄÅäÖᣠËÄ¡¢²âÊÔºÍÑéÖ¤IPSec ¸ÃÈÎÎñÉæ¼°µ½Ê¹ÓÃshow ¡¢debugºÍÏà¹ØµÄÃüÁîÀ´²âÊÔºÍÑéÖ¤IPSec¼ÓÃܹ¤×÷ÊÇ·ñÕý³££¬²¢ÎªÖ®Åųý¹ÊÕÏ¡£ [page] ÑùÀý£º PIX 1µÄÅäÖ㺠!configure the IP address for each PIX Firewall interface ip address outside 192.168.1.1 255.255.255.0 ip address inside 10.1.1.3 255.255.255.0 ip address dmz 192.168.11.1 255.255.255.0 global (outside) 1 192.168.1.10-192.168.1.254 netmask 255.255.255.0 !creates a global pooll on the outside interface,enables NAT. !windows NT server static (inside,outside) 192.168.1.10 10.1.1.4 netmask 255.255.255.0 !Crypto access list specifiles between the global and the inside !server beind PIX Firewalls is encrypted ,The source !and destination IP address are the global IP addresses of the statics. Access-list 101 permit ip host 192.168.1.10 host 192.168.2.10 !The conduit permit ICMP and web access for testing. Conduit permit icmp any any Conduit permit tcp host 192.168.1.10 eq www any route outside 0.0.0.0 0.0.0.0 192.168.1.2 1 !Enable IPSec to bypass access litst,access ,and confuit restrictions syspot connnection permit ipsec !Defines a crypto map transform set to user esp-des crypto ipsec transform-set pix2 esp-des crypto map peer2 10 ipsec-isakmp! ÍêÈ«ÅäÖ㺠ip address outside 202.105.113.194 255.255.255.0 /*¿´µçПøÄãµÄIP ip address inside 192.168.1.1 255.255.255.0 ! global (outside) 1 202.105.113.195-202.105.113.200 global (outside) 1 202.105.113.201 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) 202.105.113.203 192.168.1.10 netmask 255.255.255.255 0 0 static (inside,outside) 202.105.113.205 192.168.1.11netmask 255.255.255.255 0 0 conduit permit icmp any any conduit permit tcp host 202.105.113.203 eq www any conduit permit tcp host 202.105.113.203 eq ftp any conduit permit tcp host 202.105.113.205 eq smtp any conduit permit tcp host 202.105.113.205 eq pop3 any ! route outside 0.0.0.0 0.0.0.0 202.105.113.193 1 route inside 0.0.0.0 0.0.0.0 192.168.1.1
È¡Ïû ÆÀÂÛ
Èç¹ûÓ²ÅÌûÓÐÈ«²¿¸ñʽ»¯£¬¿ÉÒÔʹÓûָ´³ö³§ÉèÖã¬ÒòΪ³ö³§Ç°£¬¶¼ÓÐÒ»¸ö»Ö¸´Ó²ÅÌ100¶àMBÒþ²Ø·ÖÇø£¬µã¿ØÖÆÃæ°å¡¢±¸·ÝÄúµÄ¼ÆËã»ú¡¢»Ö¸´ÏµÍ³ÉèÖûòϵͳ¡¢¸ß¼¶»Ö¸´·½·¨¡¢»Ö¸´³ö³§ÉèÖü´¿É¡£
Ò»¼ü»Ö¸´¹¦ÄÜ£¬ÈçÁªÏë±Ê¼Ç±¾£¬Èç¹ûϵͳ·ÖÇøûÓÐ×ö¹ý¸ü¸Ä£¬ÄÇô¿ÉÒÔʹÓÃÒ»¼ü»Ö¸´¹¦ÄÜ£¬Ê¹Ó÷½·¨ÊÇ£ºÊ×ÏÈ£¬ÔڹػúµÄÇé¿öÏ£¬°´µçÔ´¿ª¹Ø¼üÅԱߵÄС¼ü(Ïñ¸öתÍäµÄ¼ýÍ·µÄ)£¬Õâʱ¾Í»á½øÈëÁªÏëÒ»¼ü»Ö¸´µÄϵͳ¡£
Ê×ÏȹرռÆËã»ú¡£ÔÚ¼ÆËã»ú¹Ø±Õ״̬Ï°´×¡Êý×Ö¼ü0²»ÒªËÉÊÖ,È»ºó°´¿ª»ú¼üÒ»´Î,ÖªµÀ³öÏÖ¼ÓÔؽçÃæºóÊý×Ö¼ü0²ÅÄÜËÉÊÖ£¬ÆÁÄ»ÉϳöÏÖ¼ÓÔØ˵Ã÷Windows is loading files.......£¬¼ÓÔØÍê³Éºó»á³öÏÖ¾¯¸æ½çÃ棬¾¯¸æÖ´Ðлָ´Êý¾ÝºóËùÓÐÊý¾Ý»á±»É¾³ý»òÖØд£¬²¢ÇÒÌáʾÁ¬½ÓACÊÊÅäÆ÷£¬µ¥»÷ÊǼÌÐø¡£
ÓÉÓÚ»Ö¸´Ê±¼ä½Ï³¤£¬Çë²»ÒªÔÚûÓÐÁ¬½ÓÊÊÅäÆ÷µÄÇé¿öÖ´Ðд˲Ù×÷£¬ÔÚËæºó³öÏֵġ°Ñ¡Ôñ»Ö¸´·½Ê½¡±´°¿ÚÖÐÏÔʾÈçÏÂÁ½¸öµ¥ÔªÑ¡Ï * »Ö¸´³ö³§Ä¬ÈÏÉèÖ㬠*²Á³ýÓ²ÅÌ¡£Ñ¡Ôñ»Ö¸´³ö³§Ä¬ÈÏÉèÖü´¿É¡£Èç¹ûÊÇÖ»ÏëÖØװϵͳ¾ÍÑ¡Ôñ²Á³ýÓ²ÅÌ¡£
È¡Ïû ÆÀÂÛ
ÄãËù°²×°µÄϵͳ»áÓиö·À»ðǽ£¬È»ºó360 ÌÚѶ¹Ü¼ÒÒÔ¼°¸÷ÖÖ°²È«Èí¼þɱ¶¾Èí¼þÒ²»á´øÒ»¸ö·À»ðǽ£¬Ò²¾ÍÊÇ˵һ°ãÓÐÁ½¸ö·À»ðǽ
È¡Ïû ÆÀÂÛ
ZOLÎÊ´ð > ÄÚ´æ > ÆäËû·ÖÀà > ·À»ðǽÊDZʼDZ¾³ö³§¾ÍÓеÄÂð

¾Ù±¨

¸ÐлÄúΪÉçÇøµÄºÍг¹±Ï×Á¦Á¿ÇëÑ¡Ôñ¾Ù±¨ÀàÐÍ

¾Ù±¨³É¹¦

¾­¹ýºËʵºó½«»á×ö³ö´¦Àí
¸ÐлÄúΪÉçÇøºÍг×ö³ö¹±Ï×

ɨÂë²ÎÓëÐÂÆ·0ÔªÊÔÓÃ
ɹµ¥¡¢¶¥Â¥ºÀÀñµÈÄãÄÃ

ɨһɨ£¬¹Ø×¢ÎÒÃÇ
Ìáʾ

È·¶¨ÒªÈ¡Ïû´Ë´Î±¨Ãû£¬Í˳ö¸Ã»î¶¯£¿