银行网络应急预案XXXX

1、.：.；银行网络应急方案XX股份网络与平安效力部2021年2月目录 TOC o 1-3 h z u HYPERLINK l _Toc316893996 一、银行网络构造拓扑 PAGEREF _Toc316893996 h 3 HYPERLINK l _Toc316893997 二、骨干网通讯缺点 PAGEREF _Toc316893997 h 3 HYPERLINK l _Toc316893998 1.缺点处置人员 PAGEREF _Toc316893998 h 3 HYPERLINK l _Toc316893999 2.电信、联通网络通讯缺点 PAGEREF _Toc316893999 h

2、3 HYPERLINK l _Toc316894000 3.通讯缺点恢复 PAGEREF _Toc316894000 h 3 HYPERLINK l _Toc316894001 4.到总行路由器缺点 PAGEREF _Toc316894001 h 4 HYPERLINK l _Toc316894002 5.路由器缺点处置 PAGEREF _Toc316894002 h 4 HYPERLINK l _Toc316894003 三、中心交换机缺点应急 PAGEREF _Toc316894003 h 5 HYPERLINK l _Toc316894004 1.一台4506交换机缺点应急 PAGERE

3、F _Toc316894004 h 5 HYPERLINK l _Toc316894005 2.当中心交换同时瘫痪在20分钟内保证业务正常运作 PAGEREF _Toc316894005 h 7 HYPERLINK l _Toc316894006 四、第三方外联区网络应急 PAGEREF _Toc316894006 h 19 HYPERLINK l _Toc316894007 1.第三方业务银联区网络应急 PAGEREF _Toc316894007 h 19 HYPERLINK l _Toc316894008 2.其它第三方业务区网络应急 PAGEREF _Toc316894008 h 46

4、HYPERLINK l _Toc316894009 五、联络方式： PAGEREF _Toc316894009 h 56银行网络构造拓扑骨干网通讯缺点缺点处置人员 参与人：XX、XX、XX电信、联通网络通讯缺点根据到总行的两台cisco 7206路由器的日志以及实践登陆设备运用show int ATM4/0.1 、ping对端地址、show ip route、show log，查看上述相关设备和线路能否有反复重起、误码率高、异常路由、错误衔接等情况即可确认缺点。通讯缺点恢复恢复步骤：1重启缺点新路相连路由器，看能否可以自动恢复2) 断电重起无法处理缺点的，停顿运用缺点设备和线路，防止其影响网络

5、其他部分。3) 如系线路缺点通知各有关方面逐项对照处置： 如为中国电信线路缺点，向31000000 报修，并通知分行办公室相关人员。 如为中国联通线路缺点，向XXXX 报修，并通知分行办公室相关人员。到总行路由器缺点查看日志，检查设备缺点前的异常日志信息；登陆路由器运用show log，show ip int brie , show process cpu his , show ip route , ping对端地址等命令来确认缺点。路由器缺点处置一旦发现到总行7206路由器缺点可按以下步骤来处置：联络XX公司，并启动原厂商保修效力备件改换程序。由于两台7206路由器是互为备份的，一台发生缺点

6、不影响实践业务，不调用库房备件和集成商备件改换，等待原厂商备件到达。 对于可以在线插拔的接口模块、有standby 的引擎和电源，优先运用在线改换方式。在线改换的详细操作流程如下：a) 用笔记本电脑衔接在网络设备的Console 上，启动Console 监控和记录；b) 预备好存档的系统配置，备用。如有能够，同时保管当前系统配置；c) 对缺点模块上衔接的线缆做好标志，小心拔下；d) 做好平安接地，拔下缺点模块；e) 检查设备和模块形状，确认能否影响整个设备或其他模块正常运转，standby 模块能否正常接纳；f) 做好平安接地，插上改换的备件模块；g) 检查设备和模块形状，确认能否可以正常识别

7、新模块，能否影响其他模块运转；h) 按原样插上线缆；i) 检查线缆衔接形状正常；j) 确认备件改换胜利。l 对于机箱、不能在线插拔的接口模块、或者没有standby 的引擎和电源，采用下电改换方式。下电改换的详细操作流程如下：a) 预备好存档的系统配置，备用。如有能够，同时保管当前系统配置；b) 预备好原先运用的系统软件，备用；c) 缺点设备下电；d) 对需求拔除的线缆做好标志，小心拔下。假设机箱或引擎改换，需拔除一切衔接线缆；e) 改换备件；f) 用笔记本电脑衔接在网络设备的Console 上，启动Console 监控和记录；g) 设备上电；h) 检查系统自检情况，确认无硬件缺点；i) 安装

8、系统软件；j) 恢复系统配置；k) 冷启动，确认软硬件正常任务； l) 按原样插上其他线缆；m) 检查线缆衔接形状正常；n) 确认备件改换胜利。中心交换机缺点应急一台4506交换机缺点应急查看日志，检查设备缺点前的异常日志信息；登陆交换机运用show log，show ip int brie , show process cpu his , show ip route , ping对端地址，show vlan brie , show vtp stat , show process mem , show modul , show diag , show ip eigrp nei , show c

9、dp nei等一系列命令来查找、确认缺点。由于两台4506中心交换机完全是热备的双机，所以一台发生缺点并不影响业务运转。对于配置问题要制定正确的更改配置脚本，备份当前配置以后实施更改；对于线路问题的要制造新网线，交换缺点的网线；对于硬件问题要练习XX公司，恳求硬件缺点维修。对于可以在线插拔的接口模块、有standby 的引擎和电源，优先运用在线改换方式。在线改换的详细操作流程如下：a) 用笔记本电脑衔接在网络设备的Console 上，启动Console 监控和记录；b) 预备好存档的系统配置，备用。如有能够，同时保管当前系统配置；c) 对缺点模块上衔接的线缆做好标志，小心拔下；d) 做好平安接

10、地，拔下缺点模块；e) 检查设备和模块形状，确认能否影响整个设备或其他模块正常运转，standby 模块能否正常接纳；f) 做好平安接地，插上改换的备件模块；g) 检查设备和模块形状，确认能否可以正常识别新模块，能否影响其他模块运转；h) 按原样插上线缆；i) 检查线缆衔接形状正常；j) 确认备件改换胜利。l 对于机箱、不能在线插拔的接口模块、或者没有standby 的引擎和电源，采用下电改换方式。下电改换的详细操作流程如下：a) 预备好存档的系统配置，备用。如有能够，同时保管当前系统配置；b) 预备好原先运用的系统软件，备用；c) 缺点设备下电；d) 对需求拔除的线缆做好标志，小心拔下。假设

11、机箱或引擎改换，需拔除一切衔接线缆；e) 改换备件；f) 用笔记本电脑衔接在网络设备的Console 上，启动Console 监控和记录；g) 设备上电；h) 检查系统自检情况，确认无硬件缺点；i) 安装系统软件；j) 恢复系统配置；k) 冷启动，确认软硬件正常任务；l) 对于交换机要将VTP 设置为Client 方式，首先衔接上行线缆，确认VTP 复制正确；m) 按原样插上其他线缆；n) 检查线缆衔接形状正常；o) 确认备件改换胜利。当中心交换同时瘫痪在20分钟内保证业务正常运作现有2台备用的cisco3550，在两台中心cisco4506同事瘫痪后，将其作为中心交换来保证业务的正常运作，同

12、时坚持原有的网络拓扑及网络中心的平安战略和qos。3550中心交换配置定义设备命名hostname production设备软件版本运用支持动态路由协议的IOS：c3550-i5k2l2q3-mz.121-13.EA1a.binVlan定义1 default active Fa0/1, Fa0/2, Fa0/35, Fa0/36 Fa0/37, Fa0/38, Fa0/39, Fa0/40 Fa0/41, Fa0/42, Fa0/43, Fa0/44 Fa0/45, Fa0/46, Fa0/47, Fa0/482 vlan0002 active Fa0/10, Fa0/21, Fa0/25,

13、Fa0/34 Gi0/1, Gi0/23 vlan0003 active Fa0/5, Fa0/8, Fa0/11, Fa0/12 Fa0/17, Fa0/19, Fa0/20, Fa0/22 Fa0/28, Fa0/29, Fa0/30, Fa0/324 vlan0004 active Fa0/13, Fa0/18, Fa0/275 vlan0005 active Fa0/76 vlan0006 active 10 vlan0010 active Fa0/4, Fa0/6, Fa0/1420 vlan0020 active 30 vlan0030 active 40 vlan0040 act

14、ive 50 VLAN0050 active 60 VLAN0060 active 63 vlan0063 active 128 vlan0128 active Fa0/3, Fa0/24, Fa0/26, Fa0/31 Fa0/33195 vlan195 active Fa0/16, Fa0/23196 vlan196 active 255 VLAN0255 active Fa0/9, Fa0/15Ip地址分配及hsrpinterface Vlan1 no ip address no ip redirects shutdown standby 10 priority 100 standby

15、10 preempt!interface Vlan2 ip address ip access-group 101 in no ip redirects standby 20 ip standby 20 priority 150 standby 20 preempt! interface Vlan3 ip address ip access-group 101 in no ip redirects standby 30 ip standby 30 priority 150 standby 30 preempt!interface Vlan4 ip address 6 92 no ip redi

16、rects standby 40 ip 5 standby 40 priority 150 standby 40 preempt!interface Vlan5 ip address 92 no ip redirects standby 50 ip standby 50 priority 150 standby 50 preempt!interface Vlan6 no ip address no ip redirects shutdown standby 60 ip standby 60 priority 150 standby 60 preempt!interface Vlan10 ip

17、address ip access-group 103 in no ip redirects standby 100 ip standby 100 timers 5 15 standby 100 priority 200 standby 100 preempt standby 100 track Vlan10 50!interface Vlan20 no ip address no ip redirects standby 110 timers 5 15 standby 110 priority 150 standby 110 preempt standby 110 track Vlan20

18、50!interface Vlan30 no ip address ip access-group 101 in no ip redirects shutdown standby 120 ip 00 standby 120 timers 5 15 standby 120 priority 200 standby 120 preempt standby 120 track Vlan30 50!interface Vlan40 no ip address ip access-group 101 in no ip redirects shutdown standby 130 ip 00 standb

19、y 130 timers 5 15 standby 130 priority 150 standby 130 preempt standby 130 track Vlan40 50!interface Vlan50 ip address ip helper-address 0 no ip redirects standby 150 ip standby 150 timers 5 15 standby 150 priority 150 standby 150 preempt standby 150 track Vlan150!interface Vlan63 no ip address no i

20、p redirects!interface Vlan128 ip address ip access-group 101 in no ip redirects standby 160 ip standby 160 timers 5 15 standby 160 priority 150 standby 160 preempt standby 160 track Vlan128 50!interface Vlan150 no ip address shutdown!interface Vlan195 ip address no ip redirects standby 195 ip standb

21、y 195 priority 150 standby 195 preempt!interface Vlan196 no ip address no ip redirects shutdown standby 196 ip standby 196 priority 100 standby 196 preempt!interface Vlan255 ip address no ip redirects standby 255 ip standby 255 priority 200 standby 255 preempt路由战略router eigrp 20 redistribute static

22、network 55 no auto-summary no eigrp log-neighbor-changesip route 8ip route 55 8ip route 11 55 8ip route 8ip route 8ip route 45 55 8ip route 55 5ip route 55 6ip route 55 7ip route 1 55 8ip route 2 55 8ip route 3 55 8ip route 4 55 8interface Vlan2 ip address ip access-group 101 ininterface Vlan3 ip ad

23、dress ip access-group 101 ininterface Vlan30 no ip address ip access-group 101 ininterface Vlan40 no ip address ip access-group 101 ininterface Vlan128 ip address ip access-group 101 inaccess-list 101 permit ip host 40 host 46access-list 101 permit ip host 40 host 45access-list 101 deny ip 55 55acce

24、ss-list 101 deny ip 55 55access-list 101 deny ip 55 55access-list 101 deny ip 55 55access-list 101 deny ip 55 55access-list 101 deny ip 55 55access-list 101 permit ip any anyinterface Vlan10 ip address ip access-group 103 inaccess-list 103 permit ip host 45 host 0access-list 103 permit ip host 40 ho

25、st 0access-list 103 permit ip host 40 host 46access-list 103 permit ip host 40 host 45access-list 103 permit ip host 45 host 8access-list 103 permit ip host 40 host 8access-list 103 permit ip host 45 host 2access-list 103 permit ip host 40 host access-list 103 permit ip host 1 host 0access-list 103

26、permit ip 55 host access-list 103 permit ip 55 host access-list 103 permit ip 55 host access-list 103 permit ip 55 host 0access-list 103 permit ip 55 host 3access-list 103 permit ip 55 host 5access-list 103 permit ip 55 host 6access-list 103 permit ip 55 host 0access-list 103 permit ip 55 host 3acce

27、ss-list 103 permit ip 55 host 3access-list 103 permit ip 55 host 7access-list 103 permit ip host 45 host 9access-list 103 permit ip host 40 host 9access-list 103 deny ip 55 55access-list 103 deny ip 55 55access-list 103 deny ip 55 55access-list 103 deny ip 55 55access-list 103 deny ip 55 55access-li

28、st 103 deny ip 55 55access-list 103 permit ip any anyQos作为中心交换机无需在此配置qos平安战略aaa new-modelaaa authentication login spdb-acs group tacacs+ enableaaa accounting exec spdb-acs start-stop group tacacs+aaa accounting commands 0 spdb-acs start-stop group tacacs+aaa accounting commands 1 spdb-acs start-stop

29、 group tacacs+aaa accounting commands 2 spdb-acs start-stop group tacacs+aaa accounting commands 3 spdb-acs start-stop group tacacs+aaa accounting commands 4 spdb-acs start-stop group tacacs+aaa accounting commands 5 spdb-acs start-stop group tacacs+aaa accounting commands 6 spdb-acs start-stop grou

30、p tacacs+aaa accounting commands 7 spdb-acs start-stop group tacacs+aaa accounting commands 8 spdb-acs start-stop group tacacs+aaa accounting commands 9 spdb-acs start-stop group tacacs+aaa accounting commands 10 spdb-acs start-stop group tacacs+aaa accounting commands 11 spdb-acs start-stop group t

31、acacs+aaa accounting commands 12 spdb-acs start-stop group tacacs+aaa accounting commands 13 spdb-acs start-stop group tacacs+aaa accounting commands 14 spdb-acs start-stop group tacacs+aaa accounting commands 15 spdb-acs start-stop group tacacs+ip tacacs source-interface Loopback0tacacs-server host

32、 7tacacs-server host 4tacacs-server key s9y8logging trap debugginglogging source-interface Loopback0logging 4logging 5line vty 0 4 exec-timeout 5 0 accounting commands 0 spdb-acs accounting commands 1 spdb-acs accounting commands 2 spdb-acs accounting commands 3 spdb-acs accounting commands 4 spdb-a

33、cs accounting commands 5 spdb-acs accounting commands 6 spdb-acs accounting commands 7 spdb-acs accounting commands 8 spdb-acs accounting commands 9 spdb-acs accounting commands 10 spdb-acs accounting commands 11 spdb-acs accounting commands 12 spdb-acs accounting commands 13 spdb-acs accounting com

34、mands 14 spdb-acs accounting commands 15 spdb-acs accounting exec spdb-acs login authentication spdb-acs网管配置access-list 10 permit 8access-list 10 permit 9access-list 10 permit 6access-list 10 permit 7access-list 10 permit 5snmp-server community public ROsnmp-server community read RO 10snmp-server tr

35、ap-source Loopback0snmp-server enable traps snmp authentication warmstartsnmp-server enable traps configsnmp-server enable traps entitysnmp-server enable traps rtrsnmp-server enable traps vtpsnmp-server host 4 public snmp-server host 5 read其他配置service timestamps debug datetime localtime show-timezon

36、eservice timestamps log datetime localtime show-timezoneservice password-encryptionno ip domain-lookupip cef load-sharing algorithm originalclock timezone BJT 8ntp source Loopback0ntp server 0monitor session 1 source vlan 1 , 10 , 192 rxmonitor session 1 destination interface Fa0/5网络实施前期预备一、8条交叉线2条做

37、trunk，6条连向楼层交换机二、将楼层交换机的fa0/47和48口空出来，并做好相应的配置实施步骤第一步：两台3550上架并加电启用估计3分钟第二步：将衔接hp小机的光纤接口连到3550上估计1分钟 cisco4506主的gigabit1/1对应3550主的gigabit0/1 cisco4506主的gigabit2/2对应3550主的gigabit0/2 cisco4506备的gigabit1/1对应3550主的gigabit0/1 cisco4506备的gigabit2/2对应3550主的gigabit0/2第三步：将现成的交叉线在3550主备之间互连做etherchannel(估计1分

38、钟) 3550主的fa0/47对应3550备的fa0/47 3550主的fa0/48对应3550备的fa0/48第四步：将连在cisco4506上一切的电口都挪向3550上估计5分钟 cisco4506主的fa2/3对应3550主的fa0/3 cisco4506主的fa2/4对应3550主的fa0/4 以此类推 cisco4506主的fa2/34对应3550主的fa0/34 cisco4506备的fa2/3对应3550备的fa0/3 cisco4506备的fa2/4对应3550备的fa0/4 以此类推 cisco4506备的fa2/34对应3550备的fa0/34第五步：3台楼层交换机与355

39、0之间的互连估计3分钟 3550主的fa0/41对应255.15的fa0/47 3550主的fa0/43对应255.16的fa0/47 3550主的fa0/45对应255.17的fa0/47 3550备的fa0/41对应255.15的fa0/48 3550备的fa0/43对应255.16的fa0/48 3550备的fa0/45对应255.17的fa0/48第三方外联区网络应急第三方业务银联区网络应急线路缺点：发生缺点时，登陆ASA防火墙、交换机、路由器经过show log , show ip int brie , show interface , ping , show ip route ,

40、show route等命令来确认相关接口在缺点发生前和发生时的形状，找出问题线路。假设是内部网络线路，在线改换的详细操作流程如下：a) 用笔记本电脑衔接在网络设备的Console 上，启动Console 监控和记录；b) 预备好存档的系统配置，备用。如有能够，同时保管当前系统配置；c) 对缺点模块上衔接的线缆做好标志，小心拔下；d) 做好平安接地，插上改换的新网线 e) 检查线缆衔接形状正常；f) 确认线缆改换胜利。假设是外部线缆，那么确认缺点后，由XX打保修，联络联通、挪动公司人员前来维修。设备缺点：由于银联区一切的设备都是双机热备，所以一台发生缺点并不影响业务运转。对于配置问题要制定正确的

41、更改配置脚本，备份当前配置以后实施更改；对于硬件问题要练习XX公司，恳求硬件缺点维修。 两台设备缺点：运用1台ASA 5540防火墙备份ASA防火墙的配置、运用1台cisco 1841路由器备份衔接银联方路由器的配置，恣意1台交换机无需配置用来备份银联区交换机。ASA防火墙配置：spdbsyasa# sh run: Saved:ASA Version 8.2(1) !hostname spdbsyasaenable password 2KFQnbNIdI.2KYOU encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Gigabi

42、tEthernet0/0 speed 100 duplex full nameif outside security-level 0 ip address 8 !interface GigabitEthernet0/1 nameif inside security-level 100 ip address 8 !interface GigabitEthernet0/2 nameif dmz security-level 50 ip address !interface GigabitEthernet0/3 description LAN Failover Interface!interface

43、 Management0/0 shutdown no nameif no security-level no ip address!ftp mode passiveaccess-list IPP_PAT extended permit ip host 1 host 5 access-list IPP_PAT extended permit ip host 2 host 5 access-list IPP_PAT extended permit ip host 3 host 5 access-list IPP_PAT extended permit ip host 1 host 8 access

44、-list IPP_PAT extended permit ip host 2 host 8 access-list IPP_PAT extended permit ip host 3 host 8 access-list OUTSIDE_IN extended permit icmp any any access-list OUTSIDE_IN extended permit tcp host 1 host eq 21428 access-list OUTSIDE_IN extended permit tcp host 1 eq 21428 host access-list OUTSIDE_

45、IN extended permit tcp host 1 host eq 23428 access-list OUTSIDE_IN extended permit tcp host 1 eq 23428 host access-list OUTSIDE_IN extended permit tcp host 3 host eq 21428 access-list OUTSIDE_IN extended permit tcp host 3 eq 21428 host access-list OUTSIDE_IN extended permit tcp host 3 host eq 23428

46、access-list OUTSIDE_IN extended permit tcp host 3 eq 23428 host access-list OUTSIDE_IN extended permit tcp host 31 eq 6060 host 2 access-list OUTSIDE_IN extended permit udp 4 48 eq snmptrap access-list OUTSIDE_IN extended permit udp 4 48 eq syslog access-list OUTSIDE_IN extended permit udp host 4 eq

47、 radius access-list OUTSIDE_IN extended permit udp host 4 eq radius-acct access-list OUTSIDE_IN extended permit udp host 4 eq 1812 access-list OUTSIDE_IN extended permit udp host 4 eq 1813 access-list OUTSIDE_IN extended permit tcp host 4 eq tacacs access-list OUTSIDE_IN extended permit udp host 7 e

48、q radius access-list OUTSIDE_IN extended permit udp host 7 eq radius-acct access-list OUTSIDE_IN extended permit udp host 7 eq 1812 access-list OUTSIDE_IN extended permit udp host 7 eq 1813 access-list OUTSIDE_IN extended permit tcp host 7 eq tacacs access-list OUTSIDE_IN extended permit udp host 0

49、access-list OUTSIDE_IN extended permit tcp host 0 access-list INSIDE_OUT extended permit icmp any any access-list INSIDE_OUT extended permit tcp host 1 host 5 eq 21428 access-list INSIDE_OUT extended permit tcp host 1 eq 21428 host 5 access-list INSIDE_OUT extended permit tcp host 1 host 5 eq 23428

50、access-list INSIDE_OUT extended permit tcp host 1 eq 23428 host 5 access-list INSIDE_OUT extended permit tcp host 1 host 8 eq 21428 access-list INSIDE_OUT extended permit tcp host 1 eq 21428 host 8 access-list INSIDE_OUT extended permit tcp host 1 host 8 eq 23428 access-list INSIDE_OUT extended perm

51、it tcp host 1 eq 23428 host 8 access-list INSIDE_OUT extended permit tcp host 2 host 5 eq 21428 access-list INSIDE_OUT extended permit tcp host 2 eq 21428 host 5 access-list INSIDE_OUT extended permit tcp host 2 host 5 eq 23428 access-list INSIDE_OUT extended permit tcp host 2 eq 23428 host 5 access

52、-list INSIDE_OUT extended permit tcp host 2 host 8 eq 21428 access-list INSIDE_OUT extended permit tcp host 2 eq 21428 host 8 access-list INSIDE_OUT extended permit tcp host 2 host 8 eq 23428 access-list INSIDE_OUT extended permit tcp host 2 eq 23428 host 8 access-list INSIDE_OUT extended permit tcp

53、 host 3 host 5 eq 21428 access-list INSIDE_OUT extended permit tcp host 3 eq 21428 host 5 access-list INSIDE_OUT extended permit tcp host 3 host 5 eq 23428 access-list INSIDE_OUT extended permit tcp host 3 eq 23428 host 5 access-list INSIDE_OUT extended permit tcp host 3 host 8 eq 21428 access-list

54、INSIDE_OUT extended permit tcp host 3 eq 21428 host 8 access-list INSIDE_OUT extended permit tcp host 3 host 8 eq 23428 access-list INSIDE_OUT extended permit tcp host 3 eq 23428 host 8 access-list INSIDE_OUT extended permit tcp host 45 host 2 eq 6060 access-list INSIDE_OUT extended permit ip 4 48 a

55、ny access-list INSIDE_OUT extended permit ip host 4 any access-list INSIDE_OUT extended permit ip host 7 any access-list INSIDE_OUT extended permit udp host 0 any eq ntp access-list INSIDE_OUT extended permit udp host 2 any eq ntp pager lines 24mtu outside 1500mtu inside 1500mtu dmz 1500failoverfail

56、over lan unit primaryfailover lan interface failoverlan GigabitEthernet0/3failover polltime unit msec 500 holdtime 5failover interface ip failoverlan standby icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 2 nat (inside) 2 access-list IPP_PATstatic (

57、inside,outside) tcp 21428 3 21428 netmask 55 static (inside,outside) tcp 23428 3 23428 netmask 55 static (inside,outside) tcp telnet 3 telnet netmask 55 static (outside,inside) 5 1 netmask 55 static (outside,inside) 8 3 netmask 55 static (inside,outside) 2 45 netmask 55 static (outside,inside) 2 31

58、netmask 55 static (inside,outside) 0 0 netmask 55 static (inside,outside) 2 2 netmask 55 static (inside,outside) 5 5 netmask 55 static (inside,outside) 6 6 netmask 55 static (inside,outside) 7 7 netmask 55 static (inside,outside) 8 8 netmask 55 static (inside,outside) 9 9 netmask 55 static (inside,o

59、utside) 4 4 netmask 55 static (inside,outside) 7 7 netmask 55 access-group OUTSIDE_IN in interface outsideaccess-group INSIDE_OUT in interface insideroute outside 1 55 5 1route outside 3 55 5 1route inside 0 1route outside 5 1route inside 4 48 0 1route outside 31 55 5 1timeout xlate 3:00:00timeout c

60、onn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembl