Next: Interfaces de red Up: PIX Firewall Previous: Introducción Índice General
pixie>Si en este prompt tecleamos la orden `?', nos mostrará la ayuda disponible en el modo sin privilegios:
dixie> ? enable Enter privileged mode or change privileged mode password pager Control page length for pagination quit Disable, end configuration or logout dixie>Son pocos comandos con los que apenas se puede hacer nada; la orden pager nos permite ajustar el número de líneas para paginar, la orden quit (o exit) sale del firewall, y la orden enable nos pasa a modo superusuario, pidiendo la contraseña (que por defecto será `cisco'); cada orden del PIX se puede abreviar (por ejemplo, en lugar de enable podríamos teclear ena):
dixie> ena Password: ***** dixie#Como vemos, al estar en modo privilegiado, el prompt cambia y nos muestra una almohadilla; en este modo ya podemos reconfigurar parámetros del PIX, y tenemos más órdenes disponibles que antes:
dixie# ? arp Change or view the arp table, and set the arp timeout value auth-prompt Customize authentication challenge, reject or acceptance prompt configure Configure from terminal, floppy, or memory, clear configure copy Copy image from TFTP server into flash. debug Debug packets or ICMP tracings through the PIX Firewall. disable Exit from privileged mode enable Modify enable password flashfs Show or destroy filesystem information kill Terminate a telnet session pager Control page length for pagination passwd Change Telnet console access password ping Test connectivity from specified interface to <ip> quit Disable, end configuration or logout reload Halt and reload system session Access an internal AccessPro router console terminal Set terminal line parameters who Show active administration sessions on PIX write Write config to net, flash, floppy, or terminal, or erase flash dixie#Para comenzar a reconfigurar el firewall nos pondremos en modo configuración (desde modo privilegiado) con la orden configure (la `t' corresponde a Terminal); de nuevo, cambia el prompt que nos aparece en consola:
dixie# con t dixie(config)#En este modo disponemos de más comandos para configurar el PIX; como siempre, podemos verlos con la orden `?':
dixie(config)# ?
aaa Enable, disable, or view TACACS+ or RADIUS
user authentication, authorization and accounting
access-group Bind an access-list to an interface to filter inbound traffic
access-list Add an access list
age This command is deprecated. See ipsec, isakmp, map, ca commands
alias Administer overlapping addresses with dual NAT.
apply Apply outbound lists to source or destination IP addresses
arp Change or view the arp table, and set the arp timeout value
auth-prompt Customize authentication challenge, reject or acceptance prompt
aaa-server Define AAA Server group
ca CEP (Certificate Enrollment Protocol)
Create and enroll RSA key pairs into a PKI (Public Key Infrastructure).
clock Show and set the date and time of PIX
conduit Add conduit access to higher security level network or ICMP
crypto Configure IPsec, IKE, and CA
configure Configure from terminal, floppy, or memory, clear configure
copy Copy image from TFTP server into flash.
debug Debug packets or ICMP tracings through the PIX Firewall.
disable Exit from privileged mode
domain-name Change domain name
dynamic-map Specify a dynamic crypto map template
enable Modify enable password
established Allow inbound connections based on established connections
failover Enable/disable PIX failover feature to a standby PIX
filter Enable, disable, or view URL, Java, and ActiveX filtering
fixup Add or delete PIX service and feature defaults
flashfs Show or destroy filesystem information
ipsec Configure IPSEC policy
isakmp Configure ISAKMP policy
global Specify, delete or view global address pools,
or designate a PAT(Port Address Translated) address
hostname Change host name
vpdn Configure VPDN (PPTP) Policy
interface Identify network interface type, speed duplex, and if shutdown
ip Set ip address for specified interface,
define a local address pool, or
toggle Unicast Reverse Path Forwarding on an interface.
kill Terminate a telnet session
link This command is deprecated. See ipsec, isakmp, map, ca commands
linkpath This command is deprecated. See ipsec, isakmp, map, ca commands
logging Enable logging facility
map Configure IPsec crypto map
mtu Specify MTU(Maximum Transmission Unit) for an interface
name Associate a name with an IP address
nameif Assign a name to an interface
names Enable, disable or display IP address to name conversion
nat Associate a network with a pool of global IP addresses
outbound Create an outbound access list
pager Control page length for pagination
passwd Change Telnet console access password
ping Test connectivity from specified interface to <ip>
quit Disable, end configuration or logout
radius-server Specify a RADIUS aaa server
reload Halt and reload system
rip Broadcast default route or passive RIP
route Enter a static route for an interface
session Access an internal AccessPro router console
snmp-server Provide SNMP and event information
sysopt Set system functional option
static Map a higher security level host address to global address
tacacs-server Specify a TACACS+ server
telnet Add telnet access to PIX console and set idle timeout
terminal Set terminal line parameters
tftp-server Specify default TFTP server address and directory
timeout Set the maximum idle times
url-cache Enable URL caching
url-server Specify a URL filter server
virtual Set address for authentication virtual servers
who Show active administration sessions on PIX
write Write config to net, flash, floppy, or terminal, or erase flash
dixie(config)#
© 2002 Antonio Villalón Huerta