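How to configure Cisco FWSM in routed mode
Cisco has become a recognized world-leading vendor of network interconnection solutions, and its line of routers leads the world. So do you know how to configure Cisco FWSM in routed mode? Below is some material on configuring Cisco FWSM routed mode, compiled by the Xuexila editors for your reference.
Configuring Cisco FWSM in routed mode:
The deployment uses two interfaces: the outside interface faces the WAN and the inside interface sits on the LAN. OSPF runs across the firewall. The LAN servers and ports that the WAN is allowed to reach are opened; all other access is denied. This scenario is fairly simple and can be extended later, for example with a server zone.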
sh run
: Saved
:
FWSM Version 3.2(2)
!
hostname SDDL-Internal-FW
domain-name sddl.com
enable password Z1UFjQZdKfrZkYLf encrypted
names
!
interface Vlan254
nameif outside
security-level 0
ip address X.Y.254.254 255.255.255.252
ospf hello-interval 1
ospf dead-interval 3
!
interface Vlan2254
nameif Internal
security-level 99
ip address X.Y.254.1 255.255.255.252
ospf hello-interval 1
ospf dead-interval 3
!
passwd Z1UFjQZdKfrZkYLf encrypted
ftp mode passive
access-list acl-in extended permit ip any any
access-list SHJT_to_SDDL extended permit tcp any any eq telnet
access-list SHJT_to_SDDL extended permit icmp any any
access-list SHJT_to_SDDL extended permit ospf any any
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.32 eq www
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq 3389
access-list SHJT_to_SDDL extended permit tcp any host X.Y.1.13 eq lotusnotes
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.60 eq www
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.60 eq 8080
access-list SHJT_to_SDDL extended permit tcp 10.36.0.0 255.255.0.0 host X.Y.128.60 range 1976 1982
access-list SHJT_to_SDDL extended permit tcp 10.229.160.0 255.255.255.0 host X.Y.128.60 range 1976 1982
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq pop3
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq smtp
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq www
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq imap4
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq 63148
access-list SHJT_to_SDDL extended permit udp any X.Y.128.0 255.255.255.0 eq 63148
access-list SHJT_to_SDDL extended permit udp any X.Y.128.0 255.255.255.0 eq 143
access-list SHJT_to_SDDL extended permit udp any X.Y.128.0 255.255.255.0 eq 389
access-list SHJT_to_SDDL extended permit tcp any X.Y.128.0 255.255.255.0 eq https
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.37 eq 8000
access-list SHJT_to_SDDL extended permit udp any host X.Y.128.37 eq 8000
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.37 eq 7000
access-list SHJT_to_SDDL extended permit udp any host X.Y.128.37 eq 7000
access-list SHJT_to_SDDL extended permit udp any host X.Y.128.38 eq 7000
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.38 eq 7000
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.50 eq 8080
access-list SHJT_to_SDDL extended permit udp any host X.Y.128.32 eq domain
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.45
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.39
access-list SHJT_to_SDDL extended permit ip any host X.Y.1.12
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.42
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.37
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.46
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.44
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.32
access-list SHJT_to_SDDL extended permit tcp 10.228.0.0 255.255.0.0 host X.Y.128.60 range 1976 1982
access-list SHJT_to_SDDL extended permit tcp 10.227.160.0 255.255.255.0 host X.Y.128.60 range 1976 1982
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu Internal 1500
ip verify reverse-path interface outside
ip verify reverse-path interface Internal
no failover
failover lan unit secondary
icmp permit any outside
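An added example, not part of the original article and not Cisco tooling: a small Python check that parses `access-list` lines like those in the dump above and lists permit rules that are broader than the stated intent of opening only specific servers and ports. The sample lines are a constructed subset of the page's ACL; the function names and finding labels are hypothetical, and each finding is a candidate for review rather than a verdict.

```python
import re
# Constructed sample: a subset of the access-list lines shown on this page.
SAMPLE = """\
access-list acl-in extended permit ip any any
access-list SHJT_to_SDDL extended permit tcp any any eq telnet
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.32 eq www
access-list SHJT_to_SDDL extended permit tcp any host X.Y.128.37 eq 8000
access-list SHJT_to_SDDL extended permit tcp 10.36.0.0 255.255.0.0 host X.Y.128.60 range 1976 1982
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.37
access-list SHJT_to_SDDL extended permit ip any host X.Y.128.32
"""

RULE = re.compile(r"^access-list (\S+) extended (permit|deny) (\S+) (.+)$")

def take_addr(tok):
    # Consume one address spec (any | host ADDR | NET MASK) from a token list.
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    return tok[0] + "/" + tok[1], tok[2:]

def parse(text):
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # skips pager prompts and non-ACL configuration lines
        acl, action, proto, rest = m.groups()
        src, tok = take_addr(rest.split())
        dst, tok = take_addr(tok)
        rules.append(dict(acl=acl, action=action, proto=proto, src=src, dst=dst, port=" ".join(tok)))
    return rules

def audit(rules):
    # Flag permit rules from "any" that are wider than a single host/port opening.
    findings = []
    for r in rules:
        if r["action"] != "permit" or r["src"] != "any":
            continue
        if r["dst"] == "any" and r["proto"] == "ip":
            findings.append((r["acl"], "any-any", "all IP permitted"))
        elif r["dst"] == "any":
            findings.append((r["acl"], "any-dst", f'{r["proto"]} {r["port"]} to every host'))
        elif r["proto"] == "ip" and "/" not in r["dst"]:
            n = sum(1 for o in rules if o is not r and o["acl"] == r["acl"]
                    and o["dst"] == r["dst"] and o["proto"] != "ip")
            findings.append((r["acl"], "host-wide-open", f'{r["dst"]}: {n} port rule(s) made moot'))
    return findings
```

Calling `audit(parse(config_text))` on the full `sh run` output works the same way, since lines that are not extended ACL entries are ignored.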