一、防火墙登陆过程telnet 192.168.0.1 输入：123用户名：en密码：srmciscoConf tShow run二、公网IP与内网IP映射：static (inside,outside) 61.142.114.180 192.168.0.7 netmask 255.255.255.255 0 0三、再打开端口：输入以下一笔命今如access-list acl-out permit tcp any host 61.142.114.183 eq 5800 (打开外部5800端口)access-list acl-out permit tcp any host 61.142.114.183 eq 5900 (打开外部5900端口)access-list acl-out permit tcp any host 61.142.114.183 eq 1433 (打开外部1433端口)access-list acl-in permit tcp any host 61.142.114.183 eq 1433 (打开内部1433端口)access-list acl-in permit tcp any host 61.142.114.183 eq 5900 (打开内部5900端口)access-list acl-in permit tcp any host 61.142.114.183 eq 5800 (打开内部5800端口)四、登出防火墙：logout五、增加上网电脑1、nat (inside) 1 192.168.0.188 255.255.255.255 0 0（上网电脑IP地址）2、arp inside 192.168.0.188 000f.eafa.645d alias（绑定上网电脑网卡MAC地址）六、取消上网电脑1、no nat (inside) 1 192.168.0.188 255.255.255.255 0 0（上网电脑IP地址）2、no arp inside 192.168.0.188 000f.eafa.645d alias（绑定上网电脑网卡MAC地址）七、增加可以远程控制防火墙电脑telnet 192.168.0.188 255.255.255.255 inside八、保存已做改动设置wr me九、以下为现存防火墙配置。以下每行即为一行命今，如果不见可以从以下黑体字中COPY，进入后粘添，然后保存即可。User Access VerificationPassword:Type help or ? for a list of available commands.pix515 conf tType help or ? for a list of available commands.pix515 enPassword:Invalid passwordPassword: *pix515# conf tpix515(config)# show run: Saved:PIX Version 6.3(1)interface ethernet0 autointerface ethernet1 autonameif ethernet0 outside security0nameif ethernet1 inside security100enable password gzE5ZoPZ4Fffph7. encryptedpasswd PLBb27eKLE1o9FTB encryptedhostname pix515domain-name cisco.comfixup protocol ftp 21fixup protocol h323 h225 1720fixup protocol h323 ras 1718-1719fixup protocol http 80fixup protocol ils 389fixup protocol rsh 514fixup protocol rtsp 554fixup protocol sip 5060fixup protocol sip udp 5060fixup protocol skinny 2000no fixup protocol smtp 25fixup protocol sqlnet 1521namesaccess-list acl-out permit ip any anyaccess-list acl-out permit tcp any host 61.142.114.180 eq pop3access-list acl-out permit tcp any host 61.142.114.180 eq smtpaccess-list acl-out permit tcp any host 61.142.114.181 eq ftpaccess-list acl-out deny tcp any any eq 135access-list acl-out deny udp any any eq 135access-list acl-out deny udp any any eq 139access-list acl-out deny tcp any any eq netbios-ssnaccess-list acl-out deny tcp any any eq 445access-list acl-out deny udp any any eq 445access-list acl-out deny udp any any eq 593access-list acl-out deny tcp any any eq 593access-list acl-out deny tcp any any eq 5554access-list acl-out deny udp any any eq 5554access-list acl-out deny udp any any eq 5445access-list acl-out deny tcp any any eq 5445access-list acl-out deny tcp any any eq 9996access-list acl-out deny icmp any anyaccess-list acl-out permit tcp any host 61.142.114.180 eq wwwaccess-list acl-out permit tcp any host 61.142.114.179 eq wwwaccess-list acl-out permit tcp any host 61.142.114.182 eq wwwaccess-list acl-out permit tcp any host 61.142.114.181 eq wwwaccess-list acl-out permit tcp any host 61.142.114.182 eq 5800access-list acl-out permit tcp any host 61.142.114.182 eq 5900access-list acl-out permit tcp any host 61.142.114.182 eq 1433access-list acl-in deny icmp any anyaccess-list acl-in permit tcp any host 61.142.114.180 eq pop3access-list acl-in permit tcp any host 61.142.114.180 eq smtpaccess-list acl-in permit tcp any host 61.142.114.180 eq wwwaccess-list acl-in permit tcp any host 61.142.114.179 eq wwwaccess-list acl-in permit tcp any host 61.142.114.182 eq wwwaccess-list acl-in permit tcp any host 61.142.114.181 eq wwwaccess-list acl-in permit tcp any host 61.142.114.181 eq ftpaccess-list acl-in permit tcp any host 61.142.114.182 eq 1433access-list acl-in permit tcp any host 61.142.114.182 eq 5900access-list acl-in permit tcp any host 61.142.114.182 eq 5800pager lines 24mtu outside 1500mtu inside 1500ip address outside 61.142.114.178 255.255.255.248ip address inside 192.168.0.1 255.255.255.0ip audit info action alarmip audit attack action alarmpdm history enablearp inside 192.168.1.253 0040.d080.57ad aliasarp inside 192.168.9.242 0006.1bd8.bb7b aliasarp inside 192.168.0.242 0006.1bd8.bb7b aliasarp inside 192.168.1.141 0006.1bc1.0ac8 aliasarp inside 192.168.9.6 000f.3d80.e85a aliasarp inside 192.168.1.225 0040.d080.57ad aliasarp inside 192.168.9.145 000f.ea0d.6d3b aliasarp inside 192.168.7.168 0014.8522.6f31 aliasarp inside 192.168.8.153 0011.430e.031c aliasarp inside 192.168.9.126 0002.2ef2.7340 aliasarp inside 192.168.0.14 0003.9988.5d32 aliasarp inside 192.168.0.16 000f.eaf8.46aa aliasarp inside 192.168.3.11 0050.ba11.7dc4 aliasarp inside 192.168.2.18 000f.ea25.1b36 aliasarp inside 192.168.5.32 000f.ea0d.780e aliasarp inside 192.168.2.6 0011.1124.098d aliasarp inside 192.168.1.34 0040.0546.90f0 aliasarp inside 192.168.5.