PIX 501 Config (ACL and NAT)

I am new to the PIX and have a few questions. I am using the PDM to manage the unit.

The PIX came preconfigured with one public IP that I had. There were two entries in the Translation Rules tab. One rule had the original as my outside global IP and the translated as the internal IP of my server. The second entry was just the opposite. I figure that makes sense so that the IP gets translated properly in both directions.

I got a second IP setup. I created new hosts on the Hosts/Network tab copying what was there already and entering the new IPs. When I created the internal host it also created a new translation for me.

Here is where my confusion is. This process created only one additional translation showing my new internal IP as the original and the translated IP as my new global public IP. This would seem to be an outgoing rule, meaning requests made from my internal network go out on the Internet as the new public IP. Without the second rule showing the public IP as original and my internal IP as translated I figure nothing would come in from the outside. However, incoming requests from the Internet with the new public IP get translated properly on the internal network.

Do I have this backwards?

Secondly, can someone let me know if the ACL rules look properly set up? I want it locked down for incoming as much as possible. I just need web and sftp. Seems like there should be some denies in here??

- any any inside ip Implicit outbound rule

1 any any outside ssh/tcp
2 any any outside http/tcp
3 any any outside https/tcp
4 any any outside echo-reply/icmp
5 any any outside source-quench/icmp
6 any any outside unreachable/icmp
7 any any outside time-exceeded/icmp
karlman
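As an added example (editorial, not the poster's configuration and not taken from any reply in the thread), here is what the setup described above looks like in PIX 6.x CLI rather than PDM, tightened the way a practitioner would want it. The addresses 203.0.113.10/.11 (public) and 192.168.1.10/.11 (inside) and the list name outside_in are placeholders; which inside host serves web and which serves sftp is an assumption. The `!` lines are annotations, not commands.

```text
! Added example, placeholder addresses. PIX 6.x syntax.
!
! One static per public IP. On the PIX a static is bidirectional: it sends
! traffic from the inside host out as the global address and lets traffic
! for the global address reach the inside host, subject to the outside ACL.
! A second "reverse" entry is not required.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255

! Inbound policy: permit only the needed ports to the specific hosts rather
! than "any any". sftp runs over ssh (tcp/22), so ssh is the only reason to
! permit tcp/22 inbound, and only to the sftp host.
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-list outside_in permit tcp any host 203.0.113.10 eq https
access-list outside_in permit tcp any host 203.0.113.11 eq ssh

! ICMP replies and error messages are useful for path MTU discovery and
! troubleshooting; inbound echo requests are not permitted.
access-list outside_in permit icmp any any echo-reply
access-list outside_in permit icmp any any unreachable
access-list outside_in permit icmp any any time-exceeded

! Everything else is already dropped by the implicit deny at the end of the
! list; an explicit deny with log (PIX 6.3 and later) makes the drops visible
! in syslog so the policy can be verified.
access-list outside_in deny ip any any log

access-group outside_in in interface outside
```

The "denies" the poster is looking for are the implicit deny that PDM does not display at the end of the inbound list; the explicit logged deny above only makes it visible. The important change from the PDM rules shown is the destination: "any any ... ssh/tcp" exposes tcp/22 on every address the PIX answers for, whereas the rules above expose each service on one host only.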
