学员提问:
pix# show run
: Saved
:
PIX Version 8.0(2)
!
hostname pix
domain-name cisco
enable password ****************
names
!
interface Ethernet0
nameif outside
security-level 0
ip address 192.168.0.2 255.255.255.0
!
interface Ethernet1
speed 100
duplex full
nameif dmz
security-level 50
ip address 172.16.2.254 255.255.255.0
!
interface GigabitEthernet0
nameif inside
security-level 100
ip address 172.16.20.254 255.255.255.0
!
interface GigabitEthernet1
nameif intf3
security-level 6
no ip address
!
passwd ****************
boot system flash:/pix802.bin
ftp mode passive
dns server-group DefaultDNS
domain-name cisco
access-list 120 extended permit ip any any
access-list 120 extended permit tcp any any
access-list 120 extended permit icmp any any
access-list 120 extended permit udp any any
pager lines 24
logging enable
logging console warnings
logging monitor warnings
mtu outside 1500
mtu dmz 1500
mtu inside 1500
mtu intf3 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-523.bin
asdm history enable
arp timeout 14400
global (outside) 1 192.168.0.3
global (dmz) 1 172.16.2.251
nat (dmz) 1 0.0.0.0 0.0.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (dmz,outside) 192.168.0.4 172.16.2.1 netmask 255.255.255.255
static (inside,dmz) 172.16.2.5 10.0.9.11 netmask 255.255.255.255
static (inside,dmz) 172.16.2.6 10.0.9.13 netmask 255.255.255.255
static (inside,dmz) 172.16.2.8 10.0.9.14 netmask 255.255.255.255
static (inside,dmz) 172.16.2.9 10.0.9.15 netmask 255.255.255.255
static (inside,dmz) 172.16.2.10 10.0.9.16 netmask 255.255.255.255
static (inside,dmz) 172.16.2.11 10.0.9.21 netmask 255.255.255.255
static (inside,dmz) 172.16.2.12 100.100.100.11 netmask 255.255.255.255
static (inside,dmz) 172.16.2.13 100.100.100.12 netmask 255.255.255.255
static (inside,outside) 172.16.10.251 192.168.0.21 netmask 255.255.255.255
access-group 120 in interface outside
access-group 120 in interface dmz
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
route inside 10.0.9.0 255.255.255.0 172.16.20.253 1
route inside 172.16.8.0 255.255.255.0 172.16.20.253 1
route inside 172.16.10.0 255.255.255.0 172.16.20.253 1
route inside 172.16.40.0 255.255.255.0 172.16.20.253 1
route inside 172.16.90.0 255.255.255.0 172.16.20.253 1
timeout xlate 3:00:00
timeout conn 0:00:00 half-closed 0:00:00 udp 0:00:00 icmp 0:00:02
timeout sunrpc 0:00:00 h323 0:00:00 h225 0:00:00 mgcp 0:00:00 mgcp-pat 0:05:0
timeout sip 0:00:00 sip_media 0:00:00 sip-invite 0:03:00 sip-disconnect 0:02:
timeout uauth 0:00:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
http 172.16.20.50 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-vpn
no crypto isakmp nat-traversal
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 dmz
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 60
ssh timeout 5
ssh version 1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect http
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:2969c79f548ec0881797eb0ba66f0682
: end
pix# show log
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Deny Conn when Queue Full: disabled
Console logging: level warnings, 10645 messages logged
Monitor logging: level warnings, 10645 messages logged
Buffer logging: disabled
Trap logging: disabled
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: disabled
问:Console logging: level warnings, 10645 messages logged
Monitor logging: level warnings, 10645 messages logged
这2条警告是什么意思?
捷盈讲师及学员解答:
查看下CONSOLE 口与监控日志,一共有10645条已经被记录,应该查看日志文件内容才知道什么情况。有可能你的日志量太大,导致了警告。