version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryption!ip inspect name ethernetin cuseeme timeout 3600ip inspect name ethernetin ftp timeout 3600ip inspect name ethernetin h323 timeout 3600ip inspect name ethernetin http timeout 3600ip inspect name ethernetin rcmd timeout 3600ip inspect name ethernetin realaudio timeout 3600ip inspect name ethernetin smtp timeout 3600ip inspect name ethernetin sqlnet timeout 3600ip inspect name ethernetin streamworks timeout 3600ip inspect name ethernetin tcp timeout 3600ip inspect name ethernetin tftp timeout 30ip inspect name ethernetin udp timeout 15ip inspect name ethernetin vdolive timeout 3600!interface Ethernet0ip address 20.20.20.2 255.255.255.0ip access-group 101 inno ip directed-broadcastip nat insideip inspect ethernetin in!interface Serial0ip address 150.150.150.1 255.255.255.0ip access-group 112 inno ip directed-broadcastip nat outsideclockrate 4000000!ip nat pool serialzero 150.150.150.3 150.150.150.255 netmask 255.255.255.0ip nat inside source list 1 pool serialzeroip classlessip route 0.0.0.0 0.0.0.0 150.150.150.2ip route 20.30.30.0 255.255.255.0 20.20.20.1!line con 0transport input noneline aux 0line vty 0 4password wwlogin!end关于ip inspect nameif you deny SMTP mail on the external ACL, no external SMTP servers will ever be able to make a connection to the internal SMTP server.CBAC is totally independent of access lists - CBAC is associated with ACLs because one function of CBAC is to ensure return traffic of asession is permitted back to the source - however don't confuse CBAC by thinking ACLs are required. If you apply an inspect list to an interface, inspection takes place, no matter what ACLs are or are not in place. However, remember that ACLs are processed first, so t
暂无评论