figaccesslist101de
yicmpa
y1064020000echorouterco
figaccesslist101permitipa
ya
yrouterco
figi
ts00routerco
figifipaccessgroup101i
例3：routerco
figaccesslist102de
ytcpa
y1065020000eq80routerco
figaccesslist102permitipa
ya
yrouterco
figi
terfaces01routerco
figifipaccessgroup102out
删除访问控制例表routerco
fig
oaccesslist102routerco
figif
oipaccessgroup101i
路由器的
at配置Routerco
figifip
ati
side；当前接口指定为内部接口Routerco
figifip
atoutside；当前接口指定为外部接口Routerco
figip
ati
sidesourcestaticp私有IP公网IPportRouterco
figip
ati
sidesourcestatic10651260111Routerco
figip
ati
sidesourcestatictcp106513806011180Routerco
figip
atpoolp1601116011202552552550Routerco
figip
ati
sidesourcelist1poolp1Routerco
figip
ati
sidedesti
atio
list2poolp2
fRouterco
figip
ati
sidesourcelist2i
terfaces00overloadRouterco
figip
atpoolp21065121065142552552550typerotaryRoutershowip
attra
slatio
rotary参数是轮流的意思，地址池中的IP轮流与NAT分配的地址匹配。overload参数用于PAT将内部IP映射到一个公网IP不同的端口上。
外部网关协议配置：routerAco
figrouterbgp100routerAco
figrouter
etwork19000routerAco
figrouter
eighbor8112remoteas200配置PPP验证：RouterAco
figuser
amepasswordRouterAco
figi
ts0RouterAco
figifpppauthe
ticatio
chappap3．PIX防火墙命令Pix525co
fig
ameifether
et0outsidesecurity0；命名接口和级别Pix525co
figi
terfaceether
et0auto；设置接口方式Pix525co
figi
terfaceether
et1100full；设置接口方式Pix525co
figi
terfaceether
et1100fullshutdow
Pix525co
figipaddressi
side192168012552552550Pix525co
figipaddressoutside133001255255255252Pix525co
figglobalif_
ame
atidipip；定义公网IP区间Pix525co
figglobaloutside1700170015；例句Pix525co
figglobaloutside1133001；例句Pix525co
fig
oglobaloutside1133001；去掉设置Pix525co
fig
atif_
ame
at_idlocal_ip
etmarkPix525co
fig
ati
side100
f内网所有主机0代表0000可以访问global1指定的外网。Pix525co
fig
ati
side1172165025525500内网172165016网段的主机可以访问global1指定的外网。Pix525co
figrouteif_
ame00gateway_ipmetric；命令格式Pix525co
figrouteoutside001330011；例句Pix525co
figroutei
side1010025525500108011；例句Pix525co
figstatici
side，outside13300119216808表示内部ip地址19216808，访问外部时被翻译成133001全局地址。Pix525co
figstaticdmz，outside133001172r