I need a detailed tutorial or guide on how to set up basic services, like traffic through port 80 translated to a web server, using ASDM 6.0 for a PIX 515E. I have the super basic config set, like interfaces and admin users, but I am having trouble doing basic NAT for port 80, 443 and 22 traffic. Also, if you have a good resource on remote VPN access configuration for the MS VPN client, that would be helpful.
I have looked through the help files that come along with ASDM and thought I had the config correct but no luck.
Can you get on a console? Enable SSH or Telnet on the inside interface and login to the device. Do you have an IP address for the outside interface or will it be dynamic? Post a cleansed version of your "show run" output and we can help.
ASDM is pretty hard to describe; better to see the configuration in the console, and in my view it is clearer once you get the hang of it. Use ASDM for viewing stats, VPN connections and CPU usage, not configuration (at least at first).
Thanks for the response. I have set the external IP and internal IP; both are static. I have telnet enabled and used it to enable the interfaces and a few policies...
This is the current config:
: Saved
:
PIX Version 8.0(2)
!
hostname
domain-name
enable password encrypted
names
name
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address ip cleaned 255.255.255.240
 ospf cost 10
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address ip cleaned 255.255.255.0
 ospf cost 10
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd IGt/YV.MXoTSVYGO encrypted
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
 domain-name cleaned
access-list inside_nat0_outbound extended permit ip any 10.0.1.192
The config looks like it should work for NAT and the www but I can't get it to connect. If I can get the NAT for www I think I can handle the rest pretty well. I have most of my experience with WatchGuard products, which aren't the best but are pretty easy to configure. Although I can use the Cisco remote VPN client, I would rather not because I installed it and it conflicts with another VPN client I use. So if there's a way to use the MS VPN client, that would be cool.
access-list inside_nat0_outbound extended permit ip any 10.0.1.192 255.255.255.252 ?
Those ACLs will bypass NAT and could be the source of your problem.
Also, why are you trying to subnet your /24 subnet in half? It appears you want 10.0.1.1 through 10.0.1.192 to bypass NAT completely, making any hosts in that range unable to access the internet. As well as 10.0.1.224 through 10.0.1.254? Sorry, I am a bit confused...
We currently have a WatchGuard product that we are trying to move to PIX. I have two VPNs that I need to set up on the PIX, as well as remote access for a couple of users (see posts above).
Right now I have the 1st of two VPNs set up. And I tried to configure the remote access VPNs but they are not working either.
The network topology is pretty basic. An internal network with a web server and a couple of other servers. One of the VPNs is used daily; the other one is a remote office and is only used from time to time. That's about it.
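For reference, the port 80/443/22 forwarding asked about at the top of the thread, entered from the console as suggested above. This is an added example in PIX 8.0 syntax, not configuration from any poster. The inside hosts 10.0.1.10 and 10.0.1.11, the admin source 198.51.100.25, the outside address 192.0.2.2 and the ACL name outside_access_in are all placeholders.

```cisco
! Added example: addresses and the ACL name are placeholders, not the poster's values.
!
! Static PAT: map a TCP port on the outside interface address to an inside host.
static (inside,outside) tcp interface www 10.0.1.10 www netmask 255.255.255.255
static (inside,outside) tcp interface https 10.0.1.10 https netmask 255.255.255.255
static (inside,outside) tcp interface ssh 10.0.1.11 ssh netmask 255.255.255.255
!
! A static translation alone does not admit traffic from security-level 0;
! the outside ACL must permit each forwarded port explicitly.
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq https
! Limit SSH to a known administrative source instead of "any".
access-list outside_access_in extended permit tcp host 198.51.100.25 interface outside eq ssh
access-group outside_access_in in interface outside
!
! NAT exemption (nat 0 access-list) is evaluated before static entries, so
! traffic matching inside_nat0_outbound is never translated. Review what
! that ACL matches and keep it limited to VPN traffic.
show run nat
show access-list inside_nat0_outbound
!
! Verification: the translation exists, the ACL is taking hits, and a
! simulated inbound packet is un-translated and permitted.
show xlate
show access-list outside_access_in
packet-tracer input outside tcp 198.51.100.25 12345 192.0.2.2 80
```

packet-tracer needs the literal outside interface address as its destination; its output lists each phase (UN-NAT, ACCESS-LIST, NAT-EXEMPT) and shows which one drops the packet.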