Config Help - I'm being Lazy

Can any of you Cisco gurus create a sample config file for the following setup? I'm attempting to let the experts do this so it gets done right (and I don't have to read the manual to figure out how to do something I should only have to do once).

I have a PIX 501 firewall.

Questions:

#1. Can this device collect bandwidth usage statistics by IP by port?
#2. I expect at most 10 concurrent web/mail connections. Will this handle that with no problems?
#3. Can it email my cell phone with problems?

All the following info is hypothetical.

My external IPs are: 198.252.36.2-254
My Gateway IP is: 198.252.36.1
My internal network is 172.16.1.x

My internal SMTP server will be located at:

IP address: 172.16.1.2
user: mysmtpuser
password: mysmtppassword
It will require authentication.

I want to route inbound comm to ports as follows:

Open these for UDP and TCP inbound on IP#1: 198.252.36.10
-------------
  80   172.16.1.210
  20   172.16.1.210
  21   172.16.1.210
  443  172.16.1.210
  110  172.16.1.215
  25   172.16.1.215
  553  172.16.1.219

Block all other ports inbound.

Open these for UDP and TCP inbound on IP#2: 198.252.36.20
-------------
  80   172.16.1.220
  20   172.16.1.220
  21   172.16.1.220
  443  172.16.1.220
  110  172.16.1.225
  25   172.16.1.225

Block all other ports inbound.

I want to set up a hardware VPN to another PIX 501, all ports open in both directions, from the specified IP only.

Its IP address is: 198.252.22.22. This connection should stay connected.

I want to set up three Cisco VPN Client accesses and one Microsoft VPN Client access.

Cisco Client #1
---------------
Can only connect from IP 198.252.36.015
Group Authentication Name: Group#1
Password: Group1Password
Either do not require a password or permit it to be saved.

Cisco Client #2
---------------
Can connect from any outside address
Group Name: Group#2
Password: Group2Password
This one should time out if no activity for 30 minutes.
This password should not be savable.

Cisco Client #3
---------------
This will be the same hardware VPN to another PIX 501 as above: all ports open in both directions, from the specified IP only.
Its IP address: 198.252.11.11

The Microsoft one should:
------------------------
Accept a connection from any IP address and require a secured password.
User Name: Group3
Password: Group3Password

Reply to
Curt
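For readers who want to see what the port-forwarding and site-to-site parts of the request above look like as real commands, here is an added example in PIX 6.x syntax. It is not a config from the thread or from any of the posters, and it is not a complete config: it covers the inbound forwards for IP#1 (IP#2 follows the same pattern with 198.252.36.20 and the .220/.225 hosts) and the always-up tunnel to 198.252.22.22. Assumptions: the PIX inside address is 172.16.1.1/24, the outside address is 198.252.36.2/24, the remote site's LAN is a placeholder (10.99.0.0/24), the pre-shared key is a placeholder, and the remote PIX is configured as the mirror image. HTTP, FTP, SMTP and POP3 only exist over TCP, so UDP forwards for those ports are deliberately omitted; port 553 is forwarded for both protocols as the poster asked. Lines beginning with `!` are annotations for the reader.

```cisco
! --- Interfaces and routing (addresses assumed, see lead-in) ---
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 198.252.36.2 255.255.255.0
ip address inside 172.16.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 198.252.36.1 1

! --- Outbound PAT for the whole inside LAN ---
global (outside) 1 198.252.36.2
nat (inside) 1 172.16.1.0 255.255.255.0 0 0

! --- Inbound port redirection for IP#1 (one external IP, several inside hosts) ---
static (inside,outside) tcp 198.252.36.10 www      172.16.1.210 www      netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.252.36.10 ftp-data 172.16.1.210 ftp-data netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.252.36.10 ftp      172.16.1.210 ftp      netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.252.36.10 https    172.16.1.210 https    netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.252.36.10 pop3     172.16.1.215 pop3     netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.252.36.10 smtp     172.16.1.215 smtp     netmask 255.255.255.255 0 0
static (inside,outside) tcp 198.252.36.10 553      172.16.1.219 553      netmask 255.255.255.255 0 0
static (inside,outside) udp 198.252.36.10 553      172.16.1.219 553      netmask 255.255.255.255 0 0

! --- What is allowed in from the Internet; everything not listed hits the implicit deny ---
access-list outside_in permit tcp any host 198.252.36.10 eq www
access-list outside_in permit tcp any host 198.252.36.10 eq ftp
access-list outside_in permit tcp any host 198.252.36.10 eq https
access-list outside_in permit tcp any host 198.252.36.10 eq pop3
access-list outside_in permit tcp any host 198.252.36.10 eq smtp
access-list outside_in permit tcp any host 198.252.36.10 eq 553
access-list outside_in permit udp any host 198.252.36.10 eq 553
access-group outside_in in interface outside
! The FTP inspection engine (on by default) opens the data channel for active-mode FTP,
! which is why no separate rule for ftp-data is needed in the ACL.
fixup protocol ftp 21

! --- Site-to-site IPsec to the other PIX 501 (remote LAN and key are placeholders) ---
access-list vpn_traffic permit ip 172.16.1.0 255.255.255.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list vpn_traffic
sysopt connection permit-ipsec
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address vpn_traffic
crypto map vpnmap 10 set peer 198.252.22.22
crypto map vpnmap 10 set transform-set strong
crypto map vpnmap interface outside
isakmp enable outside
isakmp key PLACEHOLDER_PRESHARED_KEY address 198.252.22.22 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! --- Send logs off-box so the "block all other ports" rule can actually be watched ---
logging on
logging trap informational
logging host inside 172.16.1.2
```

Two things this shows that the request itself does not: "block all other ports inbound" is not a command, it is the implicit deny at the end of `outside_in`, so the ACL only ever lists what is permitted; and `nat (inside) 0 access-list vpn_traffic` is what keeps the tunnel traffic out of the outbound PAT, which is the step most often missed when a site-to-site tunnel comes up but nothing passes through it. The 198.252.22.22 peer is pinned by its address in the `isakmp key` and `set peer` lines, so no other source can negotiate that tunnel.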

That is really funny.

Reply to
Smokey

When my wife asks me, "Darling, why haven't you come to bed yet (nudge, nudge)?", I need something better to tell her than "I was giving away the fruit of my years of professional experience for free to someone who did not want to be bothered opening the manual."

Reply to
Walter Roberson

Hi Curt,

You may wish to investigate:

Configure a Cisco PIX Firewall with this template [link]

as well as Cisco PIX VPN GUI Config [link]

Sincerely,

Brad Reese

Reply to
www.BradReese.Com

Thank you very much. This help I can use.

I'm glad to have been amusing to the experts. People that uptight need a laugh. I'm on a really tight budget and can't afford one of the experts.

Also, I'm trying to get something new going without learning a bunch of stuff I will not use again.

Reply to
Curt

It is not the fact that people are uptight, it is the fact that you come to a NG and ask for a complete config, and not only that, a complex config. You did not even try to attempt configuring the interfaces, for Christ's sake. If we were to give you a complete config, would you know what to do with it?

Good for you, good luck with that.

Reply to
Smokey

In a situation such as yours, the recommendation from security professionals would be to not put in any firewall at all.

Seriously.

A firewall that is not maintained, updated with new software releases, and the logs monitored, is worse than not having a firewall. If you do not have a firewall, then you will *know* you are vulnerable, and so will take care in maintaining the security of your interior hosts; but if you just set up the firewall and then do not pay attention to it, you will be under the -illusion- that you are safe and so will neglect the security on your interior systems and never notice when the crackers take control of them.

In saying the above, I am not "jiving you", making up something silly but plausible: I am conveying what much better security experts than I have said often. As Bruce Schneier, famous cryptography and security expert, says in his book, Secrets and Lies, "Security is a process, not a product." [link]

Another quote from him there:

If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.

Reply to
Walter Roberson

While I can understand this reaction, if you view this differently it starts to make sense.

Consider a theoretical question: "I am new to this, I got an "empty" router, could anyone provide me with a fully populated configuration to do X/Y which I could use as a template to guide me to configure my router?"

Having a template that is known to work would most certainly help a newcomer by seeing real-world examples of configuration commands.

It is one thing to go through a manual to read about individual commands. It is another to know what sort of command combinations result in what you really want to do.

Reply to
JF Mezei

Now this is really BS. While I can understand this could help the OP get started on his config by seeing a complete config, by using a well-known tool called Google [link] and entering the line 'cisco pix config', the first 80 pages are all examples of Cisco configs. As the subject states, if the OP is too lazy to visit Google [link] and enter *ANY* search criteria, he really can not bitch too much about the help he does not receive.

It would be kinda like me stepping into a SQL NG and asking: I need a fully functional ASP front end and SQL backend to do X/Y, I am too lazy to learn, and do not have the budget to pay someone, so can someone do this for me? I would think most people in that situation would say 'hell NO' as well. What do you think?

Reply to
Smokey

And speaking of Google, let's have a look at the first hit, shall we?

[link]

Wow, a whole page dedicated to Cisco PIX example configs. Who would have thought it would be sooo hard to find...

Reply to
Smokey


OK. I stand corrected then. The Cisco site can be overwhelming to a newbie. I got help from this newsgroup just to find the right web pages for the manual for my switch.

The original poster got his answer in your response.

Reply to
JF Mezei
