用3662做NAT＋Firewall的配置实例

Building configuration...

Current configuration : 1966 bytes

!

! Last configuration change at 18:34:27 UTC Fri Nov 29 2002

! NVRAM config last updated at 18:01:28 UTC Fri Nov 29 2002

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname cisco3662

!

enable secret 5

enable password 7

!

!

!

!

!

ip subnet-zero

no ip domain-lookup

!

ip inspect name internetin cuseeme timeout 3600

ip inspect name internetin ftp timeout 3600

ip inspect name internetin h323 timeout 3600

ip inspect name internetin http timeout 3600

ip inspect name internetin rcmd timeout 3600

ip inspect name internetin realaudio timeout 3600

ip inspect name internetin smtp timeout 3600

ip inspect name internetin sqlnet timeout 3600

ip inspect name internetin streamworks timeout 3600

ip inspect name internetin tcp timeout 3600

ip inspect name internetin tftp timeout 30

ip inspect name internetin udp timeout 15

ip inspect name internetin vdolive timeout 3600

ip audit notify log

ip audit po max-events 100

!

!

interface FastEthernet0/0

ip address 211.123.212.2 255.255.255.128

ip nat outside

ip inspect internetin in

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet1/0

ip address 172.16.255.106 255.255.255.224

ip nat inside

duplex auto

speed auto

!

ip nat pool outpool 211.123.212.65 211.123.212.85 netmask 255.255.255.128

ip nat inside source list 11 pool outpool overload

ip classless

ip route 0.0.0.0 0.0.0.0 211.123.212.1

ip route 172.16.0.0 255.255.0.0 FastEthernet1/0

ip route 192.168.0.0 255.255.0.0 FastEthernet1/0

no ip http server

!

access-list 11 permit 172.16.0.0 0.0.255.255

access-list 11 permit 192.168.0.0 0.0.255.255

!

!

line con 0

exec-timeout 5 0

line aux 0

line vty 0 4

exec-timeout 5 0

password 7

login

!

end