Ciao ragazzi, qualche giorno fà mi avete suggerito un PIX-515E-DMZ-BUN oppure, visto che il pix è Eof Liv, un ASA5510-BUN-K9. Adesso ho due offerte per questi prodotti. Mi server avere 3 porte, con dmz. Vorrei sapere se ci sono differenze sostanziali di programmazione fra questi due prodott, per capirci...se dovessi inserire questa bozza di configurazione:
interface Ethernet0 nameif outside security-level 0 ip address 192.168.2.2 255.255.255.248 ! interface Ethernet1 nameif inside security-level 100 ip address 10.172.3.2 255.255.255.0 ! interface Ethernet2 nameif dmz security-level 50 ip address 192.168.1.2 255.255.255.0 ! access-list outside_access_in permit tcp any host 192.168.2.10 eq www access-list outside_access_in permit tcp any host 192.168.2.10 eq https access-list outside_access_in permit tcp any host 192.168.2.12 eq 1812 access-list outside_access_in permit tcp any host 192.168.2.12 eq 1813 access-list outside_access_in permit tcp any host 192.168.2.12 eq 67 access-list dmz_access_in permit tcp host 192.168.1.10 host 10.172.3.60 eq 1433 access-list dmz_access_in permit tcp host 192.168.1.11 host 10.172.3.60 eq 1433 access-list dmz_access_in deny ip 192.168.1.0 255.255.255.0 10.172.3.0 255.255.255.0 access-list dmz_access_in permit ip any any global (outside) 1 interface nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,dmz) 10.172.3.0 10.172.3.0 netmask 255.255.255.0 static (dmz,outside) 192.168.2.10 192.168.1.10 netmask 255.255.255.255 static (dmz,outside) 192.168.2.12 192.168.1.12 netmask 255.255.255.255 access-group outside_access_in in interface outside access-group dmz_access_in in interface dmz route outside 0.0.0.0 0.0.0.0 192.168.2.1 funziona su un PIX 515 tanto quanto un ASA 5510 ? Cambiano molto i comandi ios? Grazie, Luca.
_______________________________________________ Cug mailing list http://www.areanetworking.it/index_docs.php [email protected] http://ml.areanetworking.it/mailman/listinfo/cug
