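1. Logging in to the firewall

telnet 192.168.0.1
Enter: 123
Username: en
Password: srmcisco
conf t
show run

2. Mapping a public IP to an internal IP

static (inside,outside) 61.142.114.180 192.168.0.7 netmask 255.255.255.255 0 0

3. Then open the ports. Enter commands such as the following:

access-list acl-out permit tcp any host 61.142.114.183 eq 5800 (open external port 5800)
access-list acl-out permit tcp any host 61.142.114.183 eq 5900 (open external port 5900)
access-list acl-out permit tcp any host 61.142.114.183 eq 1433 (open external port 1433)
access-list acl-in permit tcp any host 61.142.114.183 eq 1433 (open internal port 1433)
access-list acl-in permit tcp any host 61.142.114.183 eq 5900 (open internal port 5900)
access-list acl-in permit tcp any host 61.142.114.183 eq 5800 (open internal port 5800)

4. Logging out of the firewall

logout

5. Adding a computer with Internet access

1) nat (inside) 1 192.168.0.188 255.255.255.255 0 0 (IP address of the computer)
2) arp inside 192.168.0.188 000f.eafa.645d alias (binds the MAC address of the computer's network card)

6. Removing a computer's Internet access

1) no nat (inside) 1 192.168.0.188 255.255.255.255 0 0 (IP address of the computer)
2) no arp inside 192.168.0.188 000f.eafa.645d alias (the bound MAC address of the computer's network card)

7. Adding a computer that may manage the firewall remotely

telnet 192.168.0.188 255.255.255.255 inside

8. Saving the changes that were made

wr me

9. The current firewall configuration follows.

Each line below is one command. If a setting is lost, copy it from the bold text below, paste it in after logging in, and then save.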
User Access Verification
Password:
Type help or '?' for a list of available commands.
pix515> conf t
Type help or '?' for a list of available commands.
pix515> en
Password:
Invalid password
Password: ********
pix515# conf t
pix515(config)# show run
: Saved
:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password gzE5ZoPZ4Fffph7. encrypted
passwd PLBb27eKLE1o9FTB encrypted
hostname pix515
domain-name
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl-out permit ip any any
access-list acl-out permit tcp any host 61.142.114.180 eq pop3
access-list acl-out permit tcp any host 61.142.114.180 eq smtp
access-list acl-out permit tcp any host 61.142.114.181 eq ftp
access-list acl-out deny tcp any any eq 135
access-list acl-out deny udp any any eq 135
access-list acl-out deny udp any any eq 139
access-list acl-out deny tcp any any eq netbios-ssn
access-list acl-out deny tcp any any eq 445
access-list acl-out deny udp any any eq 445
access-list acl-out deny udp any any eq 593
access-list acl-out deny tcp any any eq 593
access-list acl-out deny tcp any any eq 5554
access-list acl-out deny udp any any eq 5554
access-list acl-out deny udp any any eq 5445
access-list acl-out deny tcp any any eq 5445
access-list acl-out deny tcp any any eq 9996
access-list acl-out deny icmp any any
access-list acl-out permit tcp any host 61.142.114.180 eq www
access-list acl-out permit tcp any host 61.142.114.179 eq www
access-list acl-out permit tcp any host 61.142.114.182 eq www
access-list acl-out permit tcp any host 61.142.114.181 eq www
access-list acl-out permit tcp any host 61.142.114.182 eq 5800
access-list acl-out permit tcp any host 61.142.114.182 eq 5900
access-list acl-out permit tcp any host 61.142.114.182 eq 1433
access-list acl-in deny icmp any any
access-list acl-in permit tcp any host 61.142.114.180 eq pop3
access-list acl-in permit tcp any host 61.142.114.180 eq smtp
access-list acl-in permit tcp any host 61.142.114.180 eq www
access-list acl-in permit tcp any host 61.142.114.179 eq www
access-list acl-in permit tcp any host 61.142.114.182 eq www
access-list acl-in permit tcp any host 61.142.114.181 eq www
access-list acl-in permit tcp any host 61.142.114.181 eq ftp
access-list acl-in permit tcp any host 61.142.114.182 eq 1433
access-list acl-in permit tcp any host 61.142.114.182 eq 5900
access-list acl-in permit tcp any host 61.142.114.182 eq 5800
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 61.142.114.178 255.255.255.248
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp inside 192.168.1.253 0040.d080.57ad alias
arp inside 192.168.9.242 0006.1bd8.bb7b alias
arp inside 192.168.0.242 0006.1bd8.bb7b alias
arp inside 192.168.1.141 0006.1bc1.0ac8 alias
arp inside 192.168.9.6 000f.3d80.e85a alias
arp inside 192.168.1.225 0040.d080.57ad alias
arp inside 192.168.9.145 000f.ea0d.6d3b alias
arp inside 192.168.7.168 0014.8522.6f31 alias
arp inside 192.168.8.153 0011.430e.031c alias
arp inside 192.168.9.126 0002.2ef2.7340 alias
arp inside 192.168.0.14 0003.9988.5d32 alias
arp inside 192.168.0.16 000f.eaf8.46aa alias
arp inside 192.168.3.11 0050.ba11.7dc4 alias
arp inside 192.168.2.18 000f.ea25.1b36 alias
arp inside 192.168.5.32 000f.ea0d.780e alias
arp inside 192.168.2.6 0011.1124.098d alias
arp inside 192.168.1.34 0040.0546.90f0 alias
arp inside 192.168.5.5 0040.0545.6663 alias
arp inside 192.168.0.108 0040.0546.9df3 alias
arp inside 192.168.0.253 0002.55aa.7111 alias
arp inside 192.168.7.13 0004.7966.acd0 alias
arp inside 192.168.7.18 0050.ba11.7e19 alias
arp inside 192.168.7.57 0040.0512.b50e alias
arp inside 192.168.7.64 000f.ea07.9f46 alias
arp inside 192.168.3.25 000f.3d81.6694 alias
arp inside 192.168.5.27 000d.8849.3478 alias
arp inside 192.168.9.9 000f.ea66.180d alias
arp inside 192.168.2.12 0040.0543.bfc4 alias
arp inside 192.168.2.10 000d.619c.5715 alias
arp inside 192.168.7.8 0003.9988.3050 alias
arp inside 192.168.7.11 000c.7641.3cf1 alias
arp inside 192.168.7.10 000f.ea13.4eb7 alias
arp inside 192.168.7.61 000d.884a.f2bf alias
arp inside 192.168.7.58 000f.ea21.de1b alias
arp inside 192.168.8.108 0004.0543.c046 alias
arp inside 192.168.7.30 0040.0513.2a5c alias
arp inside 192.168.8.109 000a.e420.6350 alias
arp inside 192.168.0.10 0040.0543.6a2c alias
arp inside 192.168.0.169 0050.ba11.7896 alias
arp inside 192.168.5.35 0010.5a22.e60f alias
arp inside 192.168.5.34 000f.ea0f.3b96 alias
arp inside 192.168.0.188 000f.eafa.645d alias
arp inside 192.168.0.118 0010.5a22.d7d5 alias
arp inside 192.168.2.21 000f.eafa.5686 alias
arp inside 192.168.0.5 000d.619d.e900 alias
arp inside 192.168.2.11 000d.6193.be78 alias
arp inside 192.168.1.123 000f.eac9.e1f6 alias
arp inside 192.168.5.168 000f.eafb.55d4 alias
arp inside 192.168.0.199 0011.1124.098d alias
arp inside 192.168.0.249 000d.619d.e617 alias
arp inside 192.168.0.233 000f.ea66.17c6 alias
arp inside 192.168.0.182 000d.619c.5715 alias
arp inside 192.168.1.133 0014.8522.7827 alias
arp inside 192.168.0.201 0006.1bd3.68eb alias
arp inside 192.168.6.5 0002.2ef4.9713 alias
arp inside 192.168.1.243 000f.1fb0.dc4c alias
arp inside 192.168.0.161 0014.8580.9341 alias
arp inside 192.168.9.125 000f.3d81.6694 alias
arp inside 192.168.9.84 000f.ea0f.3b96 alias
arp inside 192.168.0.234 00c0.9fdf.48b5 alias
arp inside 192.168.9.201 0006.1bd3.68eb alias
arp inside 192.168.7.63 0014.8524.9545 alias
arp inside 192.168.9.168 0040.0547.0b8d alias
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.0.5 255.255.255.255 0 0
nat (inside) 1 192.168.0.14 255.255.255.255 0 0
nat (inside) 1 192.168.0.16 255.255.255.255 0 0
nat (inside) 1 192.168.0.56 255.255.255.255 0 0
nat (inside) 1 192.168.0.108 255.255.255.255 0 0
nat (inside) 1 192.168.0.118 255.255.255.255 0 0
nat (inside) 1 192.168.0.161 255.255.255.255 0 0
nat (inside) 1 192.168.0.169 255.255.255.255 0 0
nat (inside) 1 192.168.0.182 255.255.255.255 0 0
nat (inside) 1 192.168.0.188 255.255.255.255 0 0
nat (inside) 1 192.168.0.199 255.255.255.255 0 0
nat (inside) 1 192.168.0.201 255.255.255.255 0 0
nat (inside) 1 192.168.0.233 255.255.255.255 0 0
nat (inside) 1 192.168.0.234 255.255.255.255 0 0
nat (inside) 1 192.168.0.242 255.255.255.255 0 0
nat (inside) 1 192.168.0.249 255.255.255.255 0 0
nat (inside) 1 192.168.0.253 255.255.255.255 0 0
nat (inside) 1 192.168.1.34 255.255.255.255 0 0
nat (inside) 1 192.168.1.123 255.255.255.255 0 0
nat (inside) 1 192.168.1.133 255.255.255.255 0 0
nat (inside) 1 192.168.1.141 255.255.255.255 0 0
nat (inside) 1 192.168.1.225 255.255.255.255 0 0
nat (inside) 1 192.168.1.243 255.255.255.255 0 0
nat (inside) 1 192.168.1.253 255.255.255.255 0 0
nat (inside) 1 192.168.2.6 255.255.255.255 0 0
nat (inside) 1 192.168.2.11 255.255.255.255 0 0
nat (inside) 1 192.168.2.12 255.255.255.255 0 0
nat (inside) 1 192.168.2.18 255.255.255.255 0 0
nat (inside) 1 192.168.2.21 255.255.255.255 0 0
nat (inside) 1 192.168.5.27 255.255.255.255 0 0
nat (inside) 1 192.168.5.32 255.255.255.255 0 0
nat (inside) 1 192.168.5.34 255.255.255.255 0 0
nat (inside) 1 192.168.5.35 255.255.255.255 0 0
nat (inside) 1 192.168.5.168 255.255.255.255 0 0
nat (inside) 1 192.168.6.5 255.255.255.255 0 0
nat (inside) 1 192.168.7.8 255.255.255.255 0 0
nat (inside) 1 192.168.7.10 255.255.255.255 0 0
nat (inside) 1 192.168.7.11 255.255.255.255 0 0
nat (inside) 1 192.168.7.13 255.255.255.255 0 0
nat (inside) 1 192.168.7.18 255.255.255.255 0 0
nat (inside) 1 192.168.7.30 255.255.255.255 0 0
nat (inside) 1 192.168.7.57 255.255.255.255 0 0
nat (inside) 1 192.168.7.58 255.255.255.255 0 0
nat (inside) 1 192.168.7.60 255.255.255.255 0 0
nat (inside) 1 192.168.7.61 255.255.255.255 0 0
nat (inside) 1 192.168.7.63 255.255.255.255 0 0
nat (inside) 1 192.168.7.64 255.255.255.255 0 0
nat (inside) 1 192.168.7.168 255.255.255.255 0 0
nat (inside) 1 192.168.8.108 255.255.255.255 0 0
nat (inside) 1 192.168.8.109 255.255.255.255 0 0
nat (inside) 1 192.168.8.153 255.255.255.255 0 0
nat (inside) 1 192.168.9.6 255.255.255.255 0 0
nat (inside) 1 192.168.9.9 255.255.255.255 0 0
nat (inside) 1 192.168.9.84 255.255.255.255 0 0
nat (inside) 1 192.168.9.125 255.255.255.255 0 0
nat (inside) 1 192.168.9.126 255.255.255.255 0 0
nat (inside) 1 192.168.9.145 255.255.255.255 0 0
nat (inside) 1 192.168.9.168 255.255.255.255 0 0
nat (inside) 1 192.168.9.201 255.255.255.255 0 0
nat (inside) 1 192.168.9.242 255.255.255.255 0 0
static (inside,outside) 61.142.114.180 192.168.0.7 netmask 255.255.255.255 0 0
static (inside,outside) 61.142.114.179 192.168.0.100 netmask 255.255.255.255 0 0
static (inside,outside) 61.142.114.181 192.168.0.251 netmask 255.255.255.255 0 0
static (inside,outside) 61.142.114.182 192.168.0.136 netmask 255.255.255.255 0 0
access-group acl-in in interface outside
access-group acl-out in interface inside
route outside 0.0.0.0 0.0.0.0 61.142.114.177 1
route inside 192.168.0.0 255.255.240.0 192.168.0.202 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.0.108 255.255.255.255 inside
telnet 192.168.0.188 255.255.255.255 inside
telnet 192.168.0.169 255.255.255.255 inside
telnet timeout 30
ssh timeout 5
console timeout 0
username computer password hhZS66xDnl.zVXQb encrypted privilege 2
terminal width 80
Cryptochecksum:ca453c5b679c44ffcac4a76f3e21910e
: end
pix515(config)#

10. Changing the login password

pass (followed by the new password)

* Save after every operation.
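
PIX evaluates an access list from the top down and stops at the first matching entry, so the order of the acl-out and acl-in lines in the saved configuration decides which entries can ever apply. The following is an added example, not part of the original document: it parses the access-list forms used on this page (any, host A, A MASK, optional eq PORT) and lists entries whose action can never take effect because an earlier entry with the opposite action already matches the same traffic. The function names and the SAMPLE excerpt are this example's own.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
# Excerpt of the acl-out / acl-in lines shown in this document's "show run" output.
SAMPLE = """\
access-list acl-out permit ip any any
access-list acl-out permit tcp any host 61.142.114.180 eq pop3
access-list acl-out deny tcp any any eq 135
access-list acl-out deny icmp any any
access-list acl-in deny icmp any any
access-list acl-in permit tcp any host 61.142.114.180 eq smtp
"""

def _addr(tok):  # consume one address spec from the token list: any | host A | A MASK
    first = tok.pop(0)
    if first == "any":
        return ANY
    addr, mask = (tok.pop(0), "32") if first == "host" else (first, tok.pop(0))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_aces(config):
    """Return {acl_name: [ace, ...]} in configuration (evaluation) order."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        rest = tok[4:]
        src, dst = _addr(rest), _addr(rest)
        port = rest[1] if rest[:1] == ["eq"] and len(rest) == 2 else None
        acls.setdefault(tok[1], []).append(
            dict(text=line.strip(), action=tok[2], proto=tok[3], src=src, dst=dst, port=port))
    return acls

def covers(a, b):
    """True if every packet matching ACE b also matches the earlier ACE a."""
    return (a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["port"] in (None, b["port"]))

def shadowed(config):
    """List (acl, dead_entry, covering_entry) where first-match gives the opposite action."""
    findings = []
    for name, aces in parse_aces(config).items():
        for j, later in enumerate(aces):
            # The first earlier entry that covers this one decides the outcome.
            hit = next((e for e in aces[:j] if covers(e, later)), None)
            if hit is not None and hit["action"] != later["action"]:
                findings.append((name, later["text"], hit["text"]))
    return findings
```

Run `shadowed()` over the full `show run` text before and after adding port rules as in section 3 to see which deny or permit lines are unreachable in the current order.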