I've inherited a preconfigured PIX 515 at my new job. I've been able to connect via HyperTerminal and luckily guess the password. I'm attaching the output below of the "show config" command. I'm very new to Cisco equipment, but my needs are very small at the moment and I'm sure it's probably a handful of trivial commands to get me going.
Right now (and I'm speaking in terms of what I see company-wise, not in terms of the firewall configuration), the only Internet traffic being specifically routed to a machine is 10.6.18.179. This is our Web/email server, and to my knowledge the only server accessible to the outside world. The mail server supports IMAP and POP from within our private network. The mail server is only accessible outside the office through webmail. IMAP and POP support from a mail client like Thunderbird isn't working.
The goal(s):
- I've set up an FTP server on 10.6.18.10 and need to have all traffic on port 21 sent to that machine (internally and externally). The DNS server is already set up to resolve the name, so that shouldn't be an issue.
- I'd like to get IMAP and POP support working outside the office (ports 143 and 110 I assume).
- Very soon our website is going to be outsourced. I assume this will mean two changes on our part: change the DNS entry to point to the third party hosting server and remove the firewall entry that routes traffic to 10.6.18.179.
I hope I've been clear on what I need help with. I appreciate your expertise and patience.
BTW, and not to sound like a jerk, but actual specific commands for accomplishing these 3 tasks in HyperTerminal would be more beneficial to me than a vague overview of Cisco theory, broad statements, or hyperbole.
Here's my configuration:
```
: Saved
: Written by enable_15 at 09:13:06.454 UTC Mon Mar 19 2007
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password xxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxx encrypted
hostname xxxxxxxxx
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
no fixup protocol http 80
names
access-list 101 permit ip 10.6.18.0 255.255.255.0 172.6.18.0 255.255.255.0
pager lines 24
interface ethernet0 100full
interface ethernet1 auto
interface ethernet2 auto shutdown
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 68.16.146.90 255.255.255.248
ip address inside 10.6.18.1 255.255.255.0
ip address intf2 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 172.6.18.1-172.6.18.25
pdm location 10.6.18.2 255.255.255.255 inside
pdm location 10.6.18.179 255.255.255.255 inside
pdm location 67.77.12.0 255.255.255.0 outside
pdm history enable
arp timeout 14400
global (outside) 1 68.16.146.92-68.16.146.93 netmask 255.255.255.248
global (outside) 1 68.16.146.94 netmask 255.255.255.248
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 68.16.146.91 10.6.18.179 netmask 255.255.255.255 0 0
conduit permit tcp host 68.16.146.91 eq www any
conduit permit tcp host 68.16.146.91 eq 444 any
conduit permit tcp host 68.16.146.91 eq 81 any
conduit permit tcp host 68.16.146.91 eq https any
conduit permit tcp host 68.16.146.91 eq ssh any
conduit permit tcp host 68.16.146.91 eq telnet any
conduit permit tcp host 68.16.146.91 eq ftp any
conduit permit tcp host 68.16.146.91 eq smtp any
conduit permit tcp host 68.16.146.91 eq pop3 any
conduit permit tcp host 68.16.146.91 eq 32000 any
route outside 0.0.0.0 0.0.0.0 68.16.146.89 1
route inside 192.168.0.0 255.255.255.0 10.6.18.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http 10.6.18.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set remote esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set remote
crypto map remote 10 ipsec-isakmp dynamic dynmap
crypto map remote interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup remote address-pool ippool
vpngroup remote dns-server 10.6.18.2
vpngroup remote wins-server 10.6.18.2
vpngroup remote default-domain xxxxxxxxxxxx.com
vpngroup remote idle-time 5000
vpngroup remote password ********
telnet timeout 5
ssh timeout 5
terminal width 80
```

Thanks, Paul
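The following Python script is an added example, not part of the original post: it resolves each `conduit permit` line against the `static` translation in the posted configuration to show which inside host and port is reachable from the outside interface. The function names and the port-keyword table are assumptions of this example; the embedded configuration lines are copied from the post.

```python
import re

# Static and conduit lines copied from the configuration in the post above.
CONFIG = """\
static (inside,outside) 68.16.146.91 10.6.18.179 netmask 255.255.255.255 0 0
conduit permit tcp host 68.16.146.91 eq www any
conduit permit tcp host 68.16.146.91 eq 444 any
conduit permit tcp host 68.16.146.91 eq 81 any
conduit permit tcp host 68.16.146.91 eq https any
conduit permit tcp host 68.16.146.91 eq ssh any
conduit permit tcp host 68.16.146.91 eq telnet any
conduit permit tcp host 68.16.146.91 eq ftp any
conduit permit tcp host 68.16.146.91 eq smtp any
conduit permit tcp host 68.16.146.91 eq pop3 any
conduit permit tcp host 68.16.146.91 eq 32000 any
"""

# Port keywords that appear in the excerpt (assumed table, not a full PIX list).
PORT_NAMES = {"www": 80, "https": 443, "ssh": 22, "telnet": 23,
              "ftp": 21, "smtp": 25, "pop3": 110}
IP = r"(\d+\.\d+\.\d+\.\d+)"
# Only one-to-one statics and "host X eq PORT" conduits are handled here.
STATIC_RE = re.compile(rf"^static \(\w+,\w+\) {IP} {IP} netmask")
CONDUIT_RE = re.compile(rf"^conduit permit (tcp|udp) host {IP} eq (\S+) (\S+)")

def exposed_services(config):
    """Return sorted (inside_ip, proto, port, source) for every permitted service."""
    statics, conduits = {}, []
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics[m.group(1)] = m.group(2)      # global IP -> inside IP
        elif m := CONDUIT_RE.match(line):
            proto, gip, port, src = m.groups()
            port = int(port) if port.isdigit() else PORT_NAMES[port]
            conduits.append((gip, proto, port, src))
    # A conduit only exposes something if a static maps its global address.
    return sorted((statics[g], p, n, s) for g, p, n, s in conduits if g in statics)

def reachable(config, inside_ip, port, proto="tcp"):
    """True if an outside client can reach inside_ip:port through the PIX."""
    return any(s[:3] == (inside_ip, proto, port) for s in exposed_services(config))

if __name__ == "__main__":
    for inside_ip, proto, port, src in exposed_services(CONFIG):
        print(f"{src} -> {inside_ip} {proto}/{port}")
    print("IMAP to mail server:", reachable(CONFIG, "10.6.18.179", 143))
    print("FTP to new server:  ", reachable(CONFIG, "10.6.18.10", 21))
```

Run against the posted lines, it reports POP3 (110) as already permitted to 10.6.18.179, IMAP (143) as not permitted, and port 21 as landing on 10.6.18.179 rather than 10.6.18.10. It also lists telnet (23) and ssh (22) as open to `any` on the same host.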