CISCO PIX防火墙配置手册

第1 章 引 言...................................................7
1.1 理解PIX防火墙....................................................................................7
1.2 PIX防火墙的特性.................................................................................13
1.4 决定如何使用多路接口.........................................................................34
1.5 命令行指导.............................................................................................36
第2 章配置PIX 防火墙.........................................53
第3 章 高级配置.................................................54
3.1 failover.....................................................................................................54
3.2 阻塞ActiveX..........................................................................................70
3.3 WebSENSE URL 过滤...........................................................................71
3.4 FTP 和URL 登录..................................................................................72
3.5 SNMP......................................................................................................73
3.6 用于IPSec 转换的专用链路..................................................................77
第4 章 配置IPSec ................................................85
4.1 支持的标准.............................................................................................86
4.2 术语列表.................................................................................................89
4.3 配置你的IPSec 的顺序..........................................................................91
4.4 关于IPSec...............................................................................................92
4.5 配置IPSec...............................................................................................110
4.6 关于IKE.................................................................................................119
4.7 配置IKE.................................................................................................125
4.8 关于IKE 模式配置（为Cisco 安全的VPN客户提供动态IP 地址分配）
..........................................................................................................................130
4.9 配置动态IP 地址分配...........................................................................132
4.10 关于CA................................................................................................133
4.11 配置CA.................................................................................................139
第5 章 配置实例.................................................145
5.1 无NAT 要素的两个接口配置（基本）...............................................146
5.2 有NAT 要素的两个接口（基本）.......................................................150
5.3 有NAT 的两个接口（高级）...............................................................154
5.4 无NAT 的三个接口配置.......................................................................161
5.5 有NAT 的三接口配置...........................................................................165
5.6 有NAT 的四接口配置...........................................................................170
5.7 有NAT 的六接口配置.............................................................................181
5.8 有人工密钥的IPSec...............................................................................194
5.9 无NAT 使用预共享密钥的VPN通道.................................................208
5.10 使用数字签名证书的VPN通道.........................................................221
5.11 使用委托数字证书的VPN通道.........................................................237
5.12 有指定IP 地址和预共享密钥的VPN客户访问..............................252
5.13 有AAA和预共享密钥的VPN客户机访问......................................263
5.14 在PIX防火墙上支持IPSec 和NAT 特性.........................................277
第6 章 命令参考..................................................296
6.1 aaa............................................................................................................297
6.2 aaa-server.................................................................................................309
6.3 access-group............................................................................................312
6.4 access-list.................................................................................................313
6.5 alias..........................................................................................................317
6.6 arp............................................................................................................321
6.7 auth-prompt .............................................................................................323
6.8 ca .............................................................................................................325
6.9 clock........................................................................................................334
6.10 conduit...................................................................................................336
6.11 configure................................................................................................345
6.12 crypto dynamic-map..............................................................................349
6.13 crypto ipsec............................................................................................354
6.14 crypto map.............................................................................................367
6.15 debug.....................................................................................................388
6.16 disable....................................................................................................394
6.17 domain-name.........................................................................................395
6.18 enable.....................................................................................................395
6.19 enable password ....................................................................................396
6.20 exit.........................................................................................................402
6.21 failover...................................................................................................402
6.22 filter.......................................................................................................407
6.23 fixup protocol ........................................................................................411
6.24 flashfs ....................................................................................................414
6.25 floodguard .............................................................................................415
6.26 global.....................................................................................................417
6.27 help........................................................................................................420
6.28 hostname................................................................................................421
6.29 interface.................................................................................................422
6.30 ip............................................................................................................427
6.31 ipsec.......................................................................................................430
6.32 isakmp ...................................................................................................431
6.33 kill..........................................................................................................440
6.34 logging...................................................................................................441
6.35 mtu.........................................................................................................455
6.36 name/names...........................................................................................456
6.37 nameif....................................................................................................459
6.38 nat..........................................................................................................461
6.39 outbound/apply......................................................................................464
6.40 Pager......................................................................................................473
6.41 passwd...................................................................................................475
6.42 perfmon .................................................................................................476
6.43 ping........................................................................................................478
6.44 quit.........................................................................................................479
6.45 reload.....................................................................................................480
6.46 rip ..........................................................................................................481
6.47 route.......................................................................................................482
6.48 service....................................................................................................484
6.49 session ...................................................................................................485
6.50 Show......................................................................................................487
6.51 show blocks/clear blocks.......................................................................488
6.52 show checksum......................................................................................489
6.53 show conn..............................................................................................490
6.54 show history..........................................................................................491
6.55 show interface........................................................................................492
6.56 show memory........................................................................................492
6.57 show processes......................................................................................493
6.58 show tech-support .................................................................................494
6.59 show traffic............................................................................................494
6.60 show uauth.............................................................................................495
6.61 Show version.........................................................................................495
6.62 show xlate..............................................................................................497
6.63 snmp-server...........................................................................................497
6.64 Static......................................................................................................500
6.65 sysopt.....................................................................................................507
6.66 Terminal.................................................................................................521
6.67 timeout...................................................................................................523
6.68 uauth(clear and show) ...........................................................................527
6.69 url-cache................................................................................................529
6.70 url-server ...............................................................................................531
6.71 virtual.....................................................................................................533
6.72 Who.......................................................................................................537
6.73 write.......................................................................................................538
6.74 xlate(clear and show) ............................................................................542
第7 章 PIX 515 配置.............................................544
7.1 PIX 515 的指示灯.................................................................................544
7.2 通过TFTP 下载一个PIX 515 映像......................................................545
7.3 升级PIX 515 活动密钥.........................................................................550