1. Home
  2. Cisco Systems
  3. Newb Help with a 515e

Newb Help with a 515e

Hi All,

I have just purchased a 515e PIX and I am having lots of problems in trying to set it up...

Since the router was purchased second hand, I have no documentation and what docs I have found - I'm getting very confused with.

Essentially, what I'm trying to do is as follows :

I have a collection of IP's from my ISP (lets say it's

123.123.123.0/29) My internal range is 176.16.10.0/24

I have the following servers:

176.16.10.2 = Web Server 1 176.16.10.3 = Web Server 2 176.16.10.4 = Mail Server

Ok - What I'm trying to do is to set up the router so that the following happens:

The Routers base IP is 123.123.123.2 (with the routers next hop is .1), and I want to give webserver 1 the ip 123.123.123.2 (with only port 80 and

443 allowed), the webserver 2 should have the ip 123.123.123.3 (again, with only port 80 and 443 enabled) and then finally my mail server has the IP 123.123.123.4 (with ports 25, 110 and 80)

Could someone help me rustle up a config that I can use for this set up? I'm having great problems at the moment and I simply can't get it to work... it's been so long since I ever did any Cisco stuff, then I've forgotten most of what I used to know....

Much Appreciated!

Regards,

Carl.

Reply to
cwcrawley
Loading thread data ...

Not many people call the PIX a router. When people say that it is not a router, I argue that it technically is, but I haven't convinced many people yet. ;-)

If you have not paid Cisco a "relicensing" fee then unless you are in one of a small number of countries (Germany, Denmark, not sure which others), you are not legally entitled to use the software. The software license does not transfer with the hardware, except where local law overrides the Cisco license terms.

For documentation, see

formatting link

ip address outside 123.123.123.2 255.255.255.248 ip address inside 176.16.10.2 255.255.255.0 route outside 0.0.0.0 0.0.0.0 123.123.123.1 static (inside,outside) tcp interface http 176.16.10.2 http netmask

255.255.255.255 static (inside,outside) tcp interface https 176.16.10.2 https netmask 255.255.255.255 static (inside,outside) 123.123.123.3 176.16.10.3 netmask 255.255.255.255 static (inside,outside) 123.123.123.4 176.16.10.4 netmask 255.255.255.255 access-list out2in permit tcp any interface outside eq http access-list out2in permit tcp any interface outside eq https access-list out2in permit tcp any host 123.123.123.3 eq http access-list out2in permit tcp any host 123.123.123.3 eq https access-list out2in permit tcp any host 123.123.123.4 eq smtp access-list out2in permit tcp any host 123.123.123.4 eq pop3 access-list out2in permit tcp any host 123.123.123.4 eq http access-group out2in in interface outside

You probably won't be very happy with this setup, as you did not account for DNS or other outgoing traffic.

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.