Can any of you Cisco guru's create a sample config file for the following setup. I'm attempting to let the experts do this so It's gets done right (and I don't have to read the manual to figure out how to do something I should only have to do once)
I have a PIX 501-firewall
Questions:
--------- #1. Can this device collect bandwidth usage statistics by IP by port? #2. I expect at most 10 concurrent web/mail connections. Will this handle that with no problems. #3. Can it email my cell phone with problems
All the following info is hypothetical
My external IPs are: 198.252.36.2-254 My Gateway IP is: 198.252.36.1 My internal network is 172.16.1.x
my internal smtp server will be located at
IP address: 172.16.1.2 user: mysmtpuser password: mysmtppassword it will require authentication
I want to route inbound comm to ports as follows:
open these for UDP and TCP Inbound IP#1: 198.252.36.10 ------------- 80 172.16.1.210 20 172.16.1.210 21 172.16.1.210 443 172.16.1.210 110 172.16.1.215 25 172.16.1.215
553 172.16.1.219block all other ports inbound
open these for UDP and TCP Inbound IP#2: 198.252.36.20 ------------- 80 172.16.1.220 20 172.16.1.220 21 172.16.1.220 443 172.16.1.220
110 172.16.1.225 25 172.16.1.225block all other ports inbound
I want to setup a Hardware VPN to another PIX-501 all ports open in both directions from the specified IP Only
It's IP address is: 198.252.22.22 this connection should stay connected
I want to set up three Cisco VPN Client and one Microsoft VPN Clients Accesses
Cisco Client #1
--------------- Can only connect from IP 198.252.36.015 Group Authentication Name Group#1 Password Group1Password Either do not require a password or permit it to be saved
Cisco Client #2
--------------- Can connect from Any outside Address Group Name Group#2 Password Group2Password This one should timeout if no activity for 30 minutes This password should not be savable
Cisco Client #3
--------------- This will be the same Hardware VPN to another PIX-501 as above. all ports open in both directions from the specified IP Only It's IP address: 198.252.11.11
The Microsoft one should:
------------------------ accept a connection from any IP address and require secured password User Name: Group3 Password: Group3Password