First, the user needs
The user has a Cisco PIX 515E firewall, a netcom's export, and a telecom export. Now to implement the default are to go out of the telecommunications line, and access to Netcom's Web site using Netcom's line out.
Ii. Key points of implementation
1, the first to collect Netcom's IP network segment (this can be searched on the network, or telecom friends want a);
2, in the routing aspect, because the Cisco PIX is biased to the function of the firewall, so the PIX in the routing is relatively weak to be implemented through policy routing, where I used the default route to set up a telecommunications gateway, while adding a network of netcom IP static routes. This achieves the trend of two export routes.
3, in the area of NAT, to configure two Nat, one of which is to switch to Netcom's export IP, the other is to telecommunications to convert to the export of telecommunications IP, this NAT should be Netcom's NAT to configure in front of the telecommunications NAT, otherwise it will not be achieved.
CISCO pix Dual Export configuration
3.1 Environment Description
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet5 teloutside security0
ip address outside 224.254.14.164 255.255.255.0
ip address inside 192.168.0.1 255.255.255.0
ip address teloutside 202.99.114.91 255.255.255.128
#备注:outside为网通线路出口;teloutside为电信线路出口;inside为内网接口;
3.2 Dual Export implementation
A, netcom IP network segment definition
Object-group Network Wtnetwork
Network-object 58.16.0.0 255.248.0.0
Network-object 58.100.0.0 255.254.0.0
Network-object 58.240.0.0 255.240.0.0
Network-object 60.0.0.0 255.248.0.0
Network-object 60.8.0.0 255.252.0.0
Network-object 60.12.0.0 255.255.0.0
Network-object 60.13.0.0 255.255.192.0
Network-object 60.13.128.0 255.255.128.0
Network-object 60.16.0.0 255.240.0.0
Network-object 60.24.0.0 255.248.0.0
Network-object 60.31.0.0 255.255.0.0
Network-object 60.208.0.0 255.248.0.0
Network-object 60.216.0.0 255.254.0.0
Network-object 60.220.0.0 255.252.0.0
Network-object 61.48.0.0 255.252.0.0
Network-object 61.52.0.0 255.254.0.0
Network-object 61.54.0.0 255.255.0.0
Network-object 61.55.0.0 255.255.0.0
Network-object 61.133.0.0 255.255.128.0
Network-object 61.134.64.0 255.255.192.0
Network-object 61.134.128.0 255.255.128.0
Network-object 61.135.0.0 255.255.0.0
Network-object 61.136.0.0 255.255.0.0
Network-object 61.138.0.0 255.255.128.0
Network-object 61.139.128.0 255.255.192.0
Network-object 61.148.0.0 255.255.0.0
Network-object 61.149.0.0 255.255.0.0
Network-object 61.156.0.0 255.255.0.0
Network-object 61.158.0.0 255.255.0.0
Network-object 61.159.0.0 255.255.192.0
Network-object 61.161.0.0 255.255.192.0
Network-object 61.161.128.0 255.255.128.0
Network-object 61.162.0.0 255.255.0.0
Network-object 61.163.0.0 255.255.0.0
Network-object 61.167.0.0 255.255.0.0
Network-object 61.168.0.0 255.255.0.0
Network-object 61.176.0.0 255.255.0.0
Network-object 61.179.0.0 255.255.0.0
Network-object 61.180.128.0 255.255.128.0
Network-object 61.181.0.0 255.255.0.0
Network-object 61.182.0.0 255.255.0.0
Network-object 61.189.0.0 255.255.128.0
Network-object 124.90.0.0 255.254.0.0
Network-object 124.162.0.0 255.255.0.0
Network-object 202.32.0.0 255.224.0.0
Network-object 202.96.64.0 255.255.224.0
Network-object 202.97.128.0 255.255.128.0
Network-object 202.98.0.0 255.255.224.0
Network-object 202.99.0.0 255.255.0.0
Network-object 202.102.128.0 255.255.192.0
Network-object 202.102.224.0 255.255.254.0
Network-object 202.106.0.0 255.255.0.0
Network-object 202.107.0.0 255.255.128.0
Network-object 202.108.0.0 255.255.0.0
Network-object 202.110.0.0 255.255.128.0
Network-object 202.110.192.0 255.255.192.0
Network-object 202.111.128.0 255.255.192.0
Network-object 203.79.0.0 255.255.0.0
Network-object 203.80.0.0 255.255.0.0
Network-object 203.81.0.0 255.255.224.0
Network-object 203.86.32.0 255.255.224.0
Network-object 203.86.64.0 255.255.224.0
Network-object 203.90.0.0 255.255.128.0
Network-object 203.90.128.0 255.255.192.0
Network-object 203.90.192.0 255.255.224.0
Network-object 203.92.0.0 255.254.0.0
Network-object 210.12.0.0 255.255.128.0
Network-object 210.12.192.0 255.255.192.0
Network-object 210.13.0.0 255.255.255.0
Network-object 210.14.160.0 255.255.224.0
Network-object 210.14.192.0 255.255.192.0
Network-object 210.15.0.0 255.255.128.0
Network-object 210.15.128.0 255.255.192.0
Network-object 210.16.128.0 255.255.192.0
Network-object 210.21.0.0 255.255.0.0
Network-object 210.22.0.0 255.255.0.0
Network-object 210.51.0.0 255.255.0.0
Network-object 210.52.0.0 255.254.0.0
Network-object 210.52.128.0 255.255.128.0
Network-object 210.53.0.0 255.255.0.0
Network-object 210.74.64.0 255.255.192.0
Network-object 210.74.128.0 255.255.192.0
Network-object 210.78.0.0 255.255.224.0
Network-object 210.82.0.0 255.254.0.0
Network-object 211.100.0.0 255.255.0.0
Network-object 211.101.0.0 255.255.192.0
Network-object 211.147.0.0 255.255.0.0
Network-object 211.167.96.0 255.255.224.0
Network-object 218.4.0.0 255.252.0.0
Network-object 218.10.0.0 255.254.0.0
Network-object 218.21.128.0 255.255.128.0
Network-object 218.24.0.0 255.254.0.0
Network-object 218.26.0.0 255.255.0.0
Network-object 218.27.0.0 255.255.0.0
Network-object 218.28.0.0 255.254.0.0
Network-object 218.56.0.0 255.252.0.0
Network-object 218.60.0.0 255.254.0.0
Network-object 218.62.0.0 255.255.128.0
Network-object 218.67.128.0 255.255.128.0
Network-object 218.68.0.0 255.254.0.0
Network-object 218.109.159.0 255.255.255.0
Network-object 219.141.128.0 255.255.128.0
Network-object 219.142.0.0 255.254.0.0
Network-object 219.154.0.0 255.254.0.0
Network-object 219.156.0.0 255.254.0.0
Network-object 219.158.0.0 255.255.0.0
Network-object 219.159.0.0 255.255.192.0
Network-object 220.248.0.0 255.252.0.0
Network-object 220.252.0.0 255.255.0.0
Network-object 221.0.0.0 255.252.0.0
Network-object 221.4.0.0 255.254.0.0
Network-object 221.6.0.0 255.255.0.0
Network-object 221.7.128.0 255.255.128.0
Network-object 221.8.0.0 255.254.0.0
Network-object 221.10.0.0 255.255.0.0
Network-object 221.11.0.0 255.255.128.0
Network-object 221.12.0.0 255.252.0.0
Network-object 221.12.0.0 255.255.128.0
Network-object 221.12.128.0 255.255.192.0
Network-object 221.192.0.0 255.252.0.0
Network-object 221.195.0.0 255.255.0.0
Network-object 221.196.0.0 255.254.0.0
Network-object 221.199.0.0 255.255.224.0
Network-object 221.199.32.0 255.255.240.0
Network-object 221.199.128.0 255.255.192.0
Network-object 221.199.192.0 255.255.240.0
Network-object 221.200.0.0 255.252.0.0
Network-object 221.204.0.0 255.254.0.0
Network-object 221.207.0.0 255.255.192.0
Network-object 221.208.0.0 255.240.0.0
Network-object 221.208.0.0 255.252.0.0
Network-object 221.213.0.0 255.255.0.0
Network-object 221.214.0.0 255.254.0.0
Network-object 222.128.0.0 255.252.0.0
Network-object 222.132.0.0 255.252.0.0
Network-object 222.136.0.0 255.248.0.0
Network-object 222.160.0.0 255.252.0.0
Network-object 222.163.0.0 255.255.224.0