配置Cisco PIX 防火墙实现双出口

2007-09-13 作者:bitsCN整理来源:中国网管联盟点评 投稿 收藏

　　3.2双出口实现

网管bitscn_com

　　A、网通IP网段定义

网管有家bitscn.net

object-group network wtnetwork network-object 58.16.0.0 255.248.0.0 network-object 58.100.0.0 255.254.0.0 network-object 58.240.0.0 255.240.0.0 network-object 60.0.0.0 255.248.0.0 network-object 60.8.0.0 255.252.0.0 network-object 60.12.0.0 255.255.0.0 network-object 60.13.0.0 255.255.192.0 network-object 60.13.128.0 255.255.128.0 network-object 60.16.0.0 255.240.0.0 network-object 60.24.0.0 255.248.0.0 network-object 60.31.0.0 255.255.0.0 network-object 60.208.0.0 255.248.0.0 network-object 60.216.0.0 255.254.0.0 network-object 60.220.0.0 255.252.0.0 network-object 61.48.0.0 255.252.0.0 network-object 61.52.0.0 255.254.0.0 network-object 61.54.0.0 255.255.0.0 network-object 61.55.0.0 255.255.0.0 network-object 61.133.0.0 255.255.128.0 network-object 61.134.64.0 255.255.192.0 network-object 61.134.128.0 255.255.128.0 network-object 61.135.0.0 255.255.0.0 network-object 61.136.0.0 255.255.0.0 network-object 61.138.0.0 255.255.128.0 network-object 61.139.128.0 255.255.192.0 network-object 61.148.0.0 255.255.0.0 network-object 61.149.0.0 255.255.0.0 network-object 61.156.0.0 255.255.0.0 network-object 61.158.0.0 255.255.0.0 network-object 61.159.0.0 255.255.192.0 network-object 61.161.0.0 255.255.192.0 network-object 61.161.128.0 255.255.128.0 network-object 61.162.0.0 255.255.0.0 network-object 61.163.0.0 255.255.0.0 network-object 61.167.0.0 255.255.0.0 network-object 61.168.0.0 255.255.0.0 network-object 61.176.0.0 255.255.0.0 network-object 61.179.0.0 255.255.0.0 network-object 61.180.128.0 255.255.128.0 network-object 61.181.0.0 255.255.0.0 network-object 61.182.0.0 255.255.0.0 network-object 61.189.0.0 255.255.128.0 network-object 124.90.0.0 255.254.0.0 network-object 124.162.0.0 255.255.0.0 network-object 202.32.0.0 255.224.0.0 network-object 202.96.64.0 255.255.224.0 network-object 202.97.128.0 255.255.128.0 network-object 202.98.0.0 255.255.224.0 network-object 202.99.0.0 255.255.0.0 network-object 202.102.128.0 255.255.192.0 network-object 202.102.224.0 255.255.254.0 network-object 202.106.0.0 255.255.0.0 network-object 202.107.0.0 255.255.128.0 network-object 202.108.0.0 255.255.0.0 network-object 202.110.0.0 255.255.128.0 network-object 202.110.192.0 255.255.192.0 network-object 202.111.128.0 255.255.192.0 network-object 203.79.0.0 255.255.0.0 network-object 203.80.0.0 255.255.0.0 network-object 203.81.0.0 255.255.224.0 network-object 203.86.32.0 255.255.224.0 network-object 203.86.64.0 255.255.224.0 network-object 203.90.0.0 255.255.128.0 network-object 203.90.128.0 255.255.192.0 network-object 203.90.192.0 255.255.224.0 network-object 203.92.0.0 255.254.0.0 network-object 210.12.0.0 255.255.128.0 network-object 210.12.192.0 255.255.192.0 network-object 210.13.0.0 255.255.255.0 network-object 210.14.160.0 255.255.224.0 network-object 210.14.192.0 255.255.192.0 network-object 210.15.0.0 255.255.128.0 network-object 210.15.128.0 255.255.192.0 network-object 210.16.128.0 255.255.192.0 network-object 210.21.0.0 255.255.0.0 network-object 210.22.0.0 255.255.0.0 network-object 210.51.0.0 255.255.0.0 network-object 210.52.0.0 255.254.0.0 network-object 210.52.128.0 255.255.128.0 network-object 210.53.0.0 255.255.0.0 network-object 210.74.64.0 255.255.192.0 network-object 210.74.128.0 255.255.192.0 network-object 210.78.0.0 255.255.224.0 network-object 210.82.0.0 255.254.0.0 network-object 211.100.0.0 255.255.0.0 network-object 211.101.0.0 255.255.192.0 network-object 211.147.0.0 255.255.0.0 network-object 211.167.96.0 255.255.224.0 network-object 218.4.0.0 255.252.0.0 network-object 218.10.0.0 255.254.0.0 network-object 218.21.128.0 255.255.128.0 network-object 218.24.0.0 255.254.0.0 network-object 218.26.0.0 255.255.0.0 network-object 218.27.0.0 255.255.0.0 network-object 218.28.0.0 255.254.0.0 network-object 218.56.0.0 255.252.0.0 network-object 218.60.0.0 255.254.0.0 network-object 218.62.0.0 255.255.128.0 network-object 218.67.128.0 255.255.128.0 network-object 218.68.0.0 255.254.0.0 network-object 218.109.159.0 255.255.255.0 network-object 219.141.128.0 255.255.128.0 network-object 219.142.0.0 255.254.0.0 network-object 219.154.0.0 255.254.0.0 network-object 219.156.0.0 255.254.0.0 network-object 219.158.0.0 255.255.0.0 network-object 219.159.0.0 255.255.192.0 network-object 220.248.0.0 255.252.0.0 network-object 220.252.0.0 255.255.0.0 network-object 221.0.0.0 255.252.0.0 network-object 221.4.0.0 255.254.0.0 network-object 221.6.0.0 255.255.0.0 network-object 221.7.128.0 255.255.128.0 network-object 221.8.0.0 255.254.0.0 network-object 221.10.0.0 255.255.0.0 network-object 221.11.0.0 255.255.128.0 network-object 221.12.0.0 255.252.0.0 network-object 221.12.0.0 255.255.128.0 network-object 221.12.128.0 255.255.192.0 network-object 221.192.0.0 255.252.0.0 network-object 221.195.0.0 255.255.0.0 network-object 221.196.0.0 255.254.0.0 network-object 221.199.0.0 255.255.224.0 network-object 221.199.32.0 255.255.240.0 network-object 221.199.128.0 255.255.192.0 network-object 221.199.192.0 255.255.240.0 network-object 221.200.0.0 255.252.0.0 network-object 221.204.0.0 255.254.0.0 network-object 221.207.0.0 255.255.192.0 network-object 221.208.0.0 255.240.0.0 network-object 221.208.0.0 255.252.0.0 network-object 221.213.0.0 255.255.0.0 network-object 221.214.0.0 255.254.0.0 network-object 222.128.0.0 255.252.0.0 network-object 222.132.0.0 255.252.0.0 network-object 222.136.0.0 255.248.0.0 network-object 222.160.0.0 255.252.0.0 network-object 222.163.0.0 255.255.224.0 网管有家www.bitscn.net

　　B、定义Access-list 为作NAT准备网管u家bitscn.net

　　access-list 101 permit ip 192.168.0.0 object-group wtnetwork

网管u家u.bitscn@com

　　#内部网络到网通IP网段的Access-list 网管u家bitscn.net

　　access-list 104 permit ip 192.168.0.0 255.255.255.0 any 网管有家www.bitscn.net

　　#内部网络到任何IP的Access-list 网管论坛bbs_bitsCN_com

　　C、NAT配置网管联盟bitsCN_com

　　global （outside） 1 interface

网管联盟bitsCN_com

　　#定义NAT ID 1为网通的出口ip 中国网管论坛bbs.bitsCN.com

　　global （teloutside） 4 interface

网管u家u.bitscn@com

　　#定义NAT ID 4为电信的出口ip

网管论坛bbs_bitsCN_com

　　nat （inside） 1 access-list 101 网管网www_bitscn_com

　　#定义符合access-list 101（就是内部到网通IP网段）就转换成NAT ID 1的IP（网通的出口）中国网管联盟bitsCN.com

　　nat （inside） 5 access-list 105

网管联盟bitsCN@com

　　#定义符合access-list 101（就是内部到网通IP网段）就转换成NAT ID 1的IP（网通的出口）网管网www_bitscn_com

　　注意：nat （inside） 1 access-list 101一定要在nat （inside） 5 access-list 105前面。网管论坛bbs_bitsCN_com

　　D、Route路由配置

网管有家bitscn.net

#####添加默认路由往电信的网关出去################ route teloutside 0.0.0.0 0.0.0.0 202.99.114.126 1 ################################################## #######添加静态路由往网通IP网段往网通的网关出去###### route outside 58.16.0.0 255.248.0.0 224.254.14.161 route outside 58.100.0.0 255.254.0.0 224.254.14.161 route outside 58.240.0.0 255.240.0.0 224.254.14.161 route outside 60.0.0.0 255.248.0.0 224.254.14.161 route outside 60.8.0.0 255.252.0.0 224.254.14.161 route outside 60.12.0.0 255.255.0.0 224.254.14.161 route outside 60.13.0.0 255.255.192.0 224.254.14.161 route outside 60.13.128.0 255.255.128.0 224.254.14.161 route outside 60.16.0.0 255.240.0.0 224.254.14.161 route outside 60.24.0.0 255.248.0.0 224.254.14.161 route outside 60.31.0.0 255.255.0.0 224.254.14.161 route outside 60.208.0.0 255.248.0.0 224.254.14.161 route outside 60.216.0.0 255.254.0.0 224.254.14.161 route outside 60.220.0.0 255.252.0.0 224.254.14.161 route outside 61.48.0.0 255.252.0.0 224.254.14.161 route outside 61.52.0.0 255.254.0.0 224.254.14.161 route outside 61.54.0.0 255.255.0.0 224.254.14.161 route outside 61.55.0.0 255.255.0.0 224.254.14.161 route outside 61.133.0.0 255.255.128.0 224.254.14.161 route outside 61.134.64.0 255.255.192.0 224.254.14.161 route outside 61.134.128.0 255.255.128.0 224.254.14.161 route outside 61.135.0.0 255.255.0.0 224.254.14.161 route outside 61.136.0.0 255.255.0.0 224.254.14.161 route outside 61.138.0.0 255.255.128.0 224.254.14.161 route outside 61.139.128.0 255.255.192.0 224.254.14.161 route outside 61.148.0.0 255.255.0.0 224.254.14.161 route outside 61.149.0.0 255.255.0.0 224.254.14.161 route outside 61.156.0.0 255.255.0.0 224.254.14.161 route outside 61.158.0.0 255.255.0.0 224.254.14.161 route outside 61.159.0.0 255.255.192.0 224.254.14.161 route outside 61.161.0.0 255.255.192.0 224.254.14.161 route outside 61.161.128.0 255.255.128.0 224.254.14.161 route outside 61.162.0.0 255.255.0.0 224.254.14.161 route outside 61.163.0.0 255.255.0.0 224.254.14.161 route outside 61.167.0.0 255.255.0.0 224.254.14.161 route outside 61.168.0.0 255.255.0.0 224.254.14.161 route outside 61.176.0.0 255.255.0.0 224.254.14.161 route outside 61.179.0.0 255.255.0.0 224.254.14.161 route outside 61.180.128.0 255.255.128.0 224.254.14.161 route outside 61.181.0.0 255.255.0.0 224.254.14.161 route outside 61.182.0.0 255.255.0.0 224.254.14.161 route outside 61.189.0.0 255.255.128.0 224.254.14.161 route outside 124.90.0.0 255.254.0.0 224.254.14.161 route outside 124.162.0.0 255.255.0.0 224.254.14.161 route outside 202.32.0.0 255.224.0.0 224.254.14.161 route outside 202.96.64.0 255.255.224.0 224.254.14.161 route outside 202.97.128.0 255.255.128.0 224.254.14.161 route outside 202.98.0.0 255.255.224.0 224.254.14.161 route outside 202.99.0.0 255.255.0.0 224.254.14.161 route outside 202.102.128.0 255.255.192.0 224.254.14.161 route outside 202.102.224.0 255.255.254.0 224.254.14.161 route outside 202.106.0.0 255.255.0.0 224.254.14.161 route outside 202.107.0.0 255.255.128.0 224.254.14.161 route outside 202.108.0.0 255.255.0.0 224.254.14.161 route outside 202.110.0.0 255.255.128.0 224.254.14.161 route outside 202.110.192.0 255.255.192.0 224.254.14.161 route outside 202.111.128.0 255.255.192.0 224.254.14.161 route outside 203.79.0.0 255.255.0.0 224.254.14.161 route outside 203.80.0.0 255.255.0.0 224.254.14.161 route outside 203.81.0.0 255.255.224.0 224.254.14.161 route outside 203.86.32.0 255.255.224.0 224.254.14.161 route outside 203.86.64.0 255.255.224.0 224.254.14.161 route outside 203.90.0.0 255.255.128.0 224.254.14.161 route outside 203.90.128.0 255.255.192.0 224.254.14.161 route outside 203.90.192.0 255.255.224.0 224.254.14.161 route outside 203.92.0.0 255.254.0.0 224.254.14.161 route outside 210.12.0.0 255.255.128.0 224.254.14.161 route outside 210.12.192.0 255.255.192.0 224.254.14.161 route outside 210.13.0.0 255.255.255.0 224.254.14.161 route outside 210.14.160.0 255.255.224.0 224.254.14.161 route outside 210.14.192.0 255.255.192.0 224.254.14.161 route outside 210.15.0.0 255.255.128.0 224.254.14.161 route outside 210.15.128.0 255.255.192.0 224.254.14.161 route outside 210.16.128.0 255.255.192.0 224.254.14.161 route outside 210.21.0.0 255.255.0.0 224.254.14.161 route outside 210.22.0.0 255.255.0.0 224.254.14.161 route outside 210.51.0.0 255.255.0.0 224.254.14.161 route outside 210.52.0.0 255.254.0.0 224.254.14.161 route outside 210.52.128.0 255.255.128.0 224.254.14.161 route outside 210.53.0.0 255.255.0.0 224.254.14.161 route outside 210.74.64.0 255.255.192.0 224.254.14.161 route outside 210.74.128.0 255.255.192.0 224.254.14.161 route outside 210.78.0.0 255.255.224.0 224.254.14.161 route outside 210.82.0.0 255.254.0.0 224.254.14.161 route outside 211.100.0.0 255.255.0.0 224.254.14.161 route outside 211.101.0.0 255.255.192.0 224.254.14.161 route outside 211.147.0.0 255.255.0.0 224.254.14.161 route outside 211.167.96.0 255.255.224.0 224.254.14.161 route outside 218.4.0.0 255.252.0.0 224.254.14.161 route outside 218.10.0.0 255.254.0.0 224.254.14.161 route outside 218.21.128.0 255.255.128.0 224.254.14.161 route outside 218.24.0.0 255.254.0.0 224.254.14.161 route outside 218.26.0.0 255.255.0.0 224.254.14.161 route outside 218.27.0.0 255.255.0.0 224.254.14.161 route outside 218.28.0.0 255.254.0.0 224.254.14.161 route outside 218.56.0.0 255.252.0.0 224.254.14.161 route outside 218.60.0.0 255.254.0.0 224.254.14.161 route outside 218.62.0.0 255.255.128.0 224.254.14.161 route outside 218.67.128.0 255.255.128.0 224.254.14.161 route outside 218.68.0.0 255.254.0.0 224.254.14.161 route outside 218.109.159.0 255.255.255.0 224.254.14.161 route outside 219.141.128.0 255.255.128.0 224.254.14.161 route outside 219.142.0.0 255.254.0.0 224.254.14.161 route outside 219.154.0.0 255.254.0.0 224.254.14.161 route outside 219.156.0.0 255.254.0.0 224.254.14.161 route outside 219.158.0.0 255.255.0.0 224.254.14.161 route outside 219.159.0.0 255.255.192.0 224.254.14.161 route outside 220.248.0.0 255.252.0.0 224.254.14.161 route outside 220.252.0.0 255.255.0.0 224.254.14.161 route outside 221.0.0.0 255.252.0.0 224.254.14.161 route outside 221.4.0.0 255.254.0.0 224.254.14.161 route outside 221.6.0.0 255.255.0.0 224.254.14.161 route outside 221.7.128.0 255.255.128.0 224.254.14.161 route outside 221.8.0.0 255.254.0.0 224.254.14.161 route outside 221.10.0.0 255.255.0.0 224.254.14.161 route outside 221.11.0.0 255.255.128.0 224.254.14.161 route outside 221.12.0.0 255.252.0.0 224.254.14.161 route outside 221.12.0.0 255.255.128.0 224.254.14.161 route outside 221.12.128.0 255.255.192.0 224.254.14.161 route outside 221.192.0.0 255.252.0.0 224.254.14.161 route outside 221.195.0.0 255.255.0.0 224.254.14.161 route outside 221.196.0.0 255.254.0.0 224.254.14.161 route outside 221.199.0.0 255.255.224.0 224.254.14.161 route outside 221.199.32.0 255.255.240.0 224.254.14.161 route outside 221.199.128.0 255.255.192.0 224.254.14.161 route outside 221.199.192.0 255.255.240.0 224.254.14.161 route outside 221.200.0.0 255.252.0.0 224.254.14.161 route outside 221.204.0.0 255.254.0.0 224.254.14.161 route outside 221.207.0.0 255.255.192.0 224.254.14.161 route outside 221.208.0.0 255.240.0.0 224.254.14.161 route outside 221.208.0.0 255.252.0.0 224.254.14.161 route outside 221.213.0.0 255.255.0.0 224.254.14.161 route outside 221.214.0.0 255.254.0.0 224.254.14.161 route outside 222.128.0.0 255.252.0.0 224.254.14.161 route outside 222.132.0.0 255.252.0.0 224.254.14.161 route outside 222.136.0.0 255.248.0.0 224.254.14.161 route outside 222.160.0.0 255.252.0.0 224.254.14.161 route outside 222.163.0.0 255.255.224.0 224.254.14.161 #备注：224.254.14.161为通往的网通的网关，################## 网管论坛bbs_bitsCN_com

　　四、实现效果

网管u家u.bitsCN.com

　　目前国内的骨干网分为南、北两张网。南电信北网通，不通运营商之间的通讯都需要到骨干进行数据交换，因此网通的用户访问电信网站很慢而电信用户访问方位网通网站也很慢，因此对大型网络设置双出口可以使不同运营商之间网络访问速度得到改善，本文档是在这一背景下产生的需求。网管u家u.bitsCN.com

网管有家bitscn.net

顶一下

TAGs：实现出口 防火墙 配置 outside route 224.254.14.161

上一篇：如何配置SSH来访问PIX防火墙下一篇：巧设防火墙封杀特定网址

配置Cisco PIX 防火墙实现双出口

2007-09-13 作者:bitsCN整理 来源:中国网管联盟 点评 投稿 收藏

2007-09-13 作者:bitsCN整理来源:中国网管联盟点评投稿收藏