Dit is een deel van de configuratie die ik in de Cisco UN-LAB-PIX-01/02 heb gebruikt
: Annotated PIX lab configuration covering two firewalls (UN-LAB-PIX-01 and -02).
: Lines containing " / " list alternative values, presumably one per unit; the
: page does not say which value belongs to which unit, and a line must be reduced
: to a single value before it is entered.
: NOTE(review): the fixup / nameif / "ca generate" syntax suggests pre-7.0 PIX
: software; confirm the release before relying on the version remarks below.
conf term
: Erases the entire running configuration before the commands below are applied.
clear config all
: Interface names and security levels: 0 = least trusted, 100 = most trusted.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
: "enable password" guards privileged mode and "passwd" is the shared Telnet/SSH
: login password. Both values are masked on this page.
enable password **********
passwd **********
hostname UN-LAB-PIX-01 / UN-LAB-PIX-02
: Hostname and domain name together form the name of the RSA key generated at the end.
domain-name UN-LAB.local
: Application inspection ("fixup") per protocol and port. Every inspection engine
: that is enabled parses traffic on that port, so protocols the lab does not use
: (rsh, sqlnet, skinny, ...) could be switched off to reduce exposure.
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
fixup protocol pptp 1723
: Raises the DNS message size accepted by the DNS inspection to 4096 bytes.
fixup protocol dns maximum-length 4096
names
: acl_NoNat: traffic between the inside network and the outside 192.168.XXX.0/22
: network that is exempted from NAT (referenced by "nat (inside) 0" below).
: NOTE(review): the inside network here is 10.10.0.0/24, but the inside interface
: address further down is 10.10.10.1/24, which is not in that network; one of the
: two looks like a typo. Verify against the real addressing plan.
access-list acl_NoNat permit ip 10.10.0.0 / 172.16.0.0 255.255.255.0 192.168.XXX.0 255.255.252.0
access-list acl_NoNat permit ip 192.168.XXX.0 255.255.252.0 10.10.0.0 / 172.16.0.0 255.255.255.0
: Through-traffic filter on the outside interface: every ICMP type from any source
: to any destination is permitted. Return traffic for ping and traceroute only
: needs echo-reply, unreachable and time-exceeded; permitting those three types
: instead of all ICMP is the tighter rule.
access-list acl_Allow_Outside permit icmp any any
access-group acl_Allow_Outside in interface outside
: ICMP addressed to the outside interface itself: answered for the /22 only,
: dropped for everyone else.
icmp permit 192.168.XXX.0 255.255.252.0 outside
icmp deny 0.0.0.0 0.0.0.0 outside
interface ethernet0 auto
interface ethernet1 auto
ip address outside 192.168.XXX.XXX 255.255.252.0
ip address inside 172.16.0.1 / 10.10.10.1 255.255.255.0
: Audit (IDS signature) defaults: matches are only logged ("alarm"); nothing is
: dropped or reset. No "ip audit interface" line appears in this excerpt, so it is
: unclear whether an audit policy is bound to an interface at all.
ip audit info action alarm
ip audit attack action alarm
: Management access. Telnet carries the login and enable passwords in cleartext;
: on PIX, Telnet to the lowest-security interface is only accepted inside an IPsec
: tunnel, so the "outside" line has no effect without one. SSH is the better
: choice on both interfaces, though pre-7.0 PIX software offers SSH version 1 only.
: The whole outside /22 is allowed in; narrowing this to the management hosts
: limits who can reach the login prompt.
telnet 192.168.XXX.0 255.255.252.0 outside
: NOTE(review): the two "inside" lines below list both inside networks without
: the " / " separator used elsewhere; as written they are not valid syntax.
telnet 10.10.0.0 172.16.0.0 255.255.255.0 inside
ssh 192.168.XXX.0 255.255.252.0 outside
ssh 10.10.0.0 172.16.0.0 255.255.255.0 inside
: PAT: inside hosts in NAT group 1 are hidden behind the outside interface address.
global (outside) 1 interface
: NAT id 0 with an access list = NAT exemption for traffic matching acl_NoNat.
nat (inside) 0 access-list acl_NoNat
: Trailing "0 0" = no limit on total connections or on embryonic (half-open) ones.
nat (inside) 1 10.10.0.0 / 172.16.0.0 255.255.255.0 0 0
route outside 0.0.0.0 0.0.0.0 192.168.XXX.1 1
timeout xlate 0:05:00
timeout uauth 0:05:00 absolute
floodguard enable
: Web management (PDM) server, reachable from every address on the inside
: interface. Restricting the "http" line to the administrators' subnet or hosts
: reduces the management attack surface.
http server enable
http 0.0.0.0 0.0.0.0 inside
no dhcpd enable inside
: Traffic arriving through an IPsec tunnel bypasses the interface access lists.
: Whatever a VPN peer sends is therefore not filtered by acl_Allow_Outside.
sysopt connection permit-ipsec
: Transform set using single DES encryption with HMAC-MD5 integrity. Both are
: obsolete; where the software and licence allow it, esp-3des or esp-aes with
: esp-sha-hmac is the stronger combination. No crypto map or isakmp policy is
: shown in this excerpt, so the transform set is not yet used by anything visible.
crypto ipsec transform-set myset esp-des esp-md5-hmac
isakmp nat-traversal
write memory
: RSA key pair for the SSH server, named after the hostname and domain name set
: above. 1024 bits is below current recommendations; 2048 is preferable if the
: platform supports it.
ca generate rsa key 1024
show ca mypubkey rsa
: "ca save all" stores the key pair in flash; without it the key is lost on reload.
ca save all
write memory