Classroom LAB PIX configuration problem

I am having problems configuring a PIX firewall in my class. The following is the lab topology being used.

The lab states that we need to have student PC 10.0.2.11 ping through PIX X to student PC 10.0.1.11 and, vice versa, PC 10.0.1.11 must ping through PIX Y to PC 10.0.2.11.

I have been researching this online and have not found the answers needed. Any help that can be given would be appreciated. I'd like to know what ACLs need to be added and what type of NAT is needed if different from the below configs.

RBB Router configs:

no service password-encryption
hostname RBB
banner motd ^C !!!Authorized Access Only!!! ^C
enable secret 5 $1$n8o7$Q/NMLe3N3ns9vxrprc9Cg.
ip subnet-zero
no ip domain-lookup
interface FastEthernet0/0
 Description #Web/FTP Server#
 ip address 172.26.26.150 255.255.0.0
 no keepalive
 duplex auto
 speed auto
 no shutdown
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial0/0/0
 description #Student PODx#
 ip address 200.168.1.1 255.255.255.0
 no fair-queue
 no shutdown
interface Serial0/0/1
 description #Student PODy#
 ip address 201.168.1.1 255.255.255.0
 no shutdown
router rip
 version 2
 no auto-summary
 network 172.26.0.0
 network 200.168.1.0
 network 201.168.1.0
ip classless
ip http server
line con 0
 exec-timeout 0 0
 password cisco
 login
line aux 0
 password cisco

Student Pod Y Router:

no service password-encryption
!
hostname PODy
!
enable secret 5 $1$JJm9$SCXwMrTXw./NomitC.S5H0
!
no ip domain lookup
!
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
 no shutdown
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description #Connected to RBB s0/0/1#
 ip address 201.168.1.2 255.255.255.0
 no fair-queue
 clock rate 64000
 no shutdown
!
interface Serial0/0/1
 no ip address
 shutdown
 no clock rate
 exit
!
router rip
 version 2
 no auto-summary
 network 192.168.2.0
 network 201.168.1.0
!
ip http server
!
banner motd ^C !!!Authorized Access Only!!! ^C
!
line con 0
 password cisco
 login
!
line aux 0
 password cisco
 login
!
line vty 0 4
 password cisco
 login
!
end

Student pod X Router

hostname PODxx
enable secret class
line console 0
 password cisco
 login
 logging synchronous
line vty 0 4
 password cisco
 login
 logging synchronous
end

config t
int fa0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
int s0/0/0
 ip address 200.168.1.2 255.255.255.0
 clockrate 64000
 no shutdown
end

config t
router rip
 version 2
 network 192.168.1.0
 network 200.168.1.0
end

Pix Firewall Y

Hostname PIXy
!
Domain PHCC
!
enable password class
!
interface e0
 nameif outside
 ip address 192.168.2.2 255.255.255.0
 no shutdown
!
interface e1
 nameif inside
 ip address 10.0.2.1 255.255.255.0
 no shutdown
!
interface e2
 nameif DMZ
 security 50
 ip address 172.16.2.1 255.255.0.0
 no shutdown
 exit
!
logging enable
logging timestamp
logging trap 7
logging host inside 10.0.2.10
!
global (outside) 1 192.168.2.11 netmask 255.255.255.255
Nat (inside) 1 10.0.2.0 255.255.255.0
!
route outside 0 0 192.168.2.1 1
!
icmp permit any any echo inside
!
static (inside,outside) 192.168.2.10 10.0.2.11 netmask 255.255.255.255 0 0
!
access-list Ping permit icmp any host 192.168.1.10 echo
access-group Ping in interface outside

PIX Firewall X

hostname FIREWALL
domain phcclab
int e0
 nameif outside
 ip address 192.168.1.2 255.255.255.0
 no shutdown
int e1
 nameif inside
 ip address 10.0.1.1 255.255.255.0
 no shutdown
int e2
 nameif DMZ
 security 50
 ip address 172.16.1.1 255.255.255.0
 exit
global (outside) 1 192.168.1.20 netmask 255.255.255.255
nat (inside) 1 10.0.1.0 255.255.255.0 50 100
route outside 0 0 192.168.1.1 1
logging enable
logging timestamp
logging trap 7
logging host inside 10.0.1.11
static (DMZ,outside) 192.168.1.12 172.16.1.2 netmask 255.255.255.255 0 0
icmp permit any echo inside
static (inside,outside) 192.168.1.10 10.0.1.11 netmask 255.255.255.255 0 0
access-list Ping permit icmp any host 192.168.2.10 echo
access-group Ping in interface outside
end
show run

Any help with this would be greatly appreciated.

Thank you

berger.sr
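
A consistency check over the static and access-list lines posted above, as an added example that is not part of the original post. It assumes the older PIX behaviour where an ACL applied inbound on an interface is matched against the translated (global) address, so every permitted destination host should be one of that firewall's own static global addresses on the same interface. The function name `lint_acl_targets` and the sample strings are constructed for illustration.

```python
import re

# Constructed sample input: the static/ACL lines of the two PIX configs in the post.
PIX_Y = """\
static (inside,outside) 192.168.2.10 10.0.2.11 netmask 255.255.255.255 0 0
access-list Ping permit icmp any host 192.168.1.10 echo
access-group Ping in interface outside
"""
PIX_X = """\
static (DMZ,outside) 192.168.1.12 172.16.1.2 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.1.10 10.0.1.11 netmask 255.255.255.255 0 0
access-list Ping permit icmp any host 192.168.2.10 echo
access-group Ping in interface outside
"""

STATIC = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+)", re.I)
ACE = re.compile(r"access-list (\S+) permit \S+ (?:any|host \S+) host (\S+)", re.I)
GROUP = re.compile(r"access-group (\S+) in interface (\S+)", re.I)

def lint_acl_targets(config):
    """Return (acl, interface, dest, local_globals) for every permit entry whose
    destination host is not a static global address on the interface the ACL is bound to."""
    globals_by_if = {}   # mapped (lower-security-side) interface -> global addresses
    dests_by_acl = {}    # ACL name -> destination hosts it permits
    bound_to = {}        # ACL name -> interface it is applied inbound on
    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC.match(line):
            globals_by_if.setdefault(m.group(2).lower(), set()).add(m.group(3))
        elif m := ACE.match(line):
            dests_by_acl.setdefault(m.group(1), []).append(m.group(2))
        elif m := GROUP.match(line):
            bound_to[m.group(1)] = m.group(2).lower()
    findings = []
    for acl, iface in bound_to.items():
        local = globals_by_if.get(iface, set())
        for dest in dests_by_acl.get(acl, []):
            if dest not in local:
                findings.append((acl, iface, dest, sorted(local)))
    return findings

if __name__ == "__main__":
    for name, cfg in (("PIX Y", PIX_Y), ("PIX X", PIX_X)):
        for acl, iface, dest, local in lint_acl_targets(cfg):
            print(f"{name}: ACL {acl} on {iface} permits {dest}; local globals are {local}")
```

Each firewall's `Ping` ACL is flagged because the host it permits is the static address configured on the other firewall.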