Posted on April 3, 2024 (author: )

name 172.16.0.0 Client description neibujisuanji

// Assigns a text name to an IP address so that the name can be used in place of the address when it is referenced in an ACL.

name 172.16.136.11 a-136.11

// For example, 172.16.136.11 is replaced by the name "a-136.11"; the "a" stands for the access layer.

name 172.16.101.30 a-101.30

name 172.16.101.0 jisuanjishi description jisuanjishi

name 172.16.153.161 a-153.161

name 172.16.153.162 a-153.162

name 172.16.153.163 a-153.163

name 172.16.147.78 a-147.78

name 172.16.101.54 a-101.54

name 172.16.153.160 a-153.160

name 172.16.153.164 a-153.164

name 172.16.153.26 a-153.26

name 172.16.101.12 a-101.12

name 202.106.73.101 pat_test

name 172.16.143.55 guke-caixu

name 172.16.101.32 specialuse

name 172.16.133.40 yaopinbuliang

name 172.16.146.189 a-146.189

name 172.16.101.50 temp

name 172.16.130.68 sunkai

name 211.103.242.13 pla-libary

name 172.16.103.213 zjp

name 172.16.134.187 zzj

name 172.16.185.21 guojihuiyi description chengpeng

dns-guard

!

interface Ethernet0/0

nameif outside

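security-level 0 // Sets the interface name and assigns a security level. Security levels range from 1 to 100; the larger the number, the higher the security level. ethernet0 is named as the external interface outside, with security level 0; ethernet1 is named as the internal interface inside, with security level 100; ethernet2 is named as the intermediate interface dmz, with security level 50.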

ip address 202.106.73.100 255.255.255.0

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 172.16.255.2 255.255.255.0

!

interface Ethernet0/2

shutdown

nameif dmz

security-level 0

ip address 192.168.73.1 255.255.255.0

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

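nameif management // Sets the interface name and assigns a security level. Security levels range from 1 to 100; the larger the number, the higher the security level. ethernet0 is named as the external interface outside, with security level 0; ethernet1 is named as the internal interface inside, with security level 100; ethernet2 is named as the intermediate interface dmz, with security level 50.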

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only ---- This port is used for management only and does not carry production traffic

!

!

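time-range sparetime ---- Defines a named time-range policy so that it can be referenced easily

periodic weekdays 0:00 to 8:00 ---- Weekdays (Monday to Friday), midnight to 8:00 in the morning

periodic weekend 0:00 to 23:59 ---- Both weekend days, all day

periodic weekdays 17:30 to 23:59 ---- Weekdays (Monday to Friday), 17:30 to 23:59

periodic weekdays 11:30 to 14:30 ---- Weekdays (Monday to Friday), 11:30 to 14:30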

!
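
An added example, not part of the original configuration: this Python sketch parses the sparetime stanza above and works out when the time-range is inactive, which shows that the four periodic lines together leave only weekday working hours uncovered. The function names are hypothetical, and treating the end minute of each periodic line as inclusive is an assumption of the example.

```python
import re
from datetime import datetime

# The time-range stanza from the configuration above, annotations stripped.
SPARETIME = """\
time-range sparetime
 periodic weekdays 0:00 to 8:00
 periodic weekend 0:00 to 23:59
 periodic weekdays 17:30 to 23:59
 periodic weekdays 11:30 to 14:30
"""

# Day keywords used in this stanza (Monday=0 ... Sunday=6, as datetime.weekday()).
DAYS = {"weekdays": {0, 1, 2, 3, 4}, "weekend": {5, 6}}
PERIODIC = re.compile(r"periodic\s+(\w+)\s+(\d+):(\d+)\s+to\s+(\d+):(\d+)")

def parse_periodics(text):
    """Return [(days, start_minute, end_minute)] for every periodic line."""
    windows = []
    for m in PERIODIC.finditer(text):
        day, h1, m1, h2, m2 = m.groups()
        windows.append((DAYS[day], int(h1) * 60 + int(m1), int(h2) * 60 + int(m2)))
    return windows

def is_active(windows, when):
    """True if `when` falls in any window (assumption: end minute is inclusive)."""
    minute = when.hour * 60 + when.minute
    return any(when.weekday() in days and lo <= minute <= hi
               for days, lo, hi in windows)

def inactive_windows(windows, weekday):
    """HH:MM ranges on `weekday` that no periodic line covers."""
    covered = [False] * 1440
    for days, lo, hi in windows:
        if weekday in days:
            covered[lo:hi + 1] = [True] * (hi - lo + 1)
    gaps, start = [], None
    for minute in range(1441):  # 1440 is a sentinel that closes a trailing gap
        free = minute < 1440 and not covered[minute]
        if free and start is None:
            start = minute
        elif not free and start is not None:
            gaps.append((start, minute - 1))
            start = None
    fmt = lambda x: f"{x // 60:02d}:{x % 60:02d}"
    return [(fmt(a), fmt(b)) for a, b in gaps]

if __name__ == "__main__":
    w = parse_periodics(SPARETIME)
    print("Monday gaps:", inactive_windows(w, 0))
    print("Saturday gaps:", inactive_windows(w, 5))
```
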

boot system disk0:/

ftp mode passive ---- FTP passive mode

clock timezone HKST 8

dns server-group DefaultDNS

d

object-group network obj_any ---- Defines a network object group named obj_any so that it can be referenced easily

object-group service comm-service

service-object tcp eq domain ---- Specifies the TCP domain name service

service-object tcp eq ftp

service-object tcp eq gopher

service-object tcp eq www

service-object tcp eq https

service-object tcp eq pop3

service-object tcp eq smtp

service-object tcp eq telnet

service-object udp eq domain

object-group service udp-500 udp

port-object eq isakmp ---- Specifies the isakmp protocol

object-group service guojiyixuezhognxin

service-object tcp eq 8899

object-group service yingxiangzongxin