PIX 506E config

Hi,

I have to configure the PIX firewall for just internet access. Right now I am running my internet directly on public IPs, but now it will go through a PIX 506E.

Please give me what config I have to do in my PIX, as well as what change I will have to make in my router that is connected to the internet through an E1 line.

My current config of the PIX is as follows:

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX12tL
domain-name shyam.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 59.144.164.33 255.255.255.0
ip address inside 172.16.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 59.144.164.40 172.16.2.2 netmask 255.255.255.255 0 0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 202.78.168.118 255.255.255.255 outside
http 172.16.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 172.16.1.0 255.255.255.0 inside
telnet timeout 5
ssh 202.78.168.118 255.255.255.255 outside
route outside 0.0.0.0 0.0.0.0 59.144.164.1 1
route inside 172.16.2.0 255.255.255.224 172.16.1.5 1
route inside 172.16.3.0 255.255.255.224 172.16.1.5 1
route inside 172.16.4.0 255.255.255.224 172.16.1.5 1
ssh timeout 5
console timeout 0
username shyam password ZyD6kufF3mkoCa8R encrypted privilege 2
terminal width 80
Cryptochecksum:15a136f7cd824c5631dcb1438936b338
: end

Reply to
deep

I'm sorry, could you restate the problem? What is the difference between what you have now and the state you want?

Currently, you have internal networks 172.16.1.0-255, 172.16.2.0-31, 172.16.3.0-31 and 172.16.4.0-31, and you have an internal router at 172.16.1.5.

Currently all of your traffic goes out through the public IP 59.144.164.33 except for 172.16.2.2, which goes out as 59.144.164.40.

You do not allow any incoming connections from outside to inside.

What is the new configuration that you would like?

Reply to
Walter Roberson

Hi deep, can you post some clear information about the situation? And in your config the following parts are wrong; please correct this.

It should be:

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

If you can give me a diagram, maybe I can help.

Rgrds.... CK-NET

Reply to
NETADMIN

It's not very clear from the given info ... but it should be as follows:

ip address outside "public Ip"

ip address inside "ip of inside netwrok"

route outside 0.0.0.0 0.0.0.0 "Public IP" 1

route inside 172.16.2.0 255.255.255.224 172.16.1.5 1
route inside 172.16.3.0 255.255.255.224 172.16.1.5 1
route inside 172.16.4.0 255.255.255.224 172.16.1.5 1

global (outside) 1 interface

Reply to
Hemat Maheshwari

Better is

route outside 0.0.0.0 0.0.0.0 "Router IP" 1

nat (inside) 1 0.0.0.0 0.0.0.0

Reply to
Walter Roberson
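The fix that CK-NET and Walter Roberson both point at is the pairing of the nat id with the global id: the posted config has `global (outside) 1 interface` but `nat (inside) 0 ...`, and in PIX 6.x a nat id of 0 without an access-list is identity NAT, so inside hosts would leave untranslated with only the static for 172.16.2.2 taking effect. The following is an added worked example for this page, not code from the thread or a Cisco tool: a small Python linter that parses the relevant lines of a PIX 6.3 configuration, flags a nat id 0, a nat id with no matching global, a global pool nothing references, and (because the posted config contains it) the well-known default SNMP community string `public`. The config excerpt is constructed from the post; the replacement community string in the fixed variant is a placeholder assumption, not a recommended value.

```python
"""Lint a PIX 6.3 configuration for the nat/global pairing problem raised in
this thread, plus a check on the default SNMP community string present in
the posted config.

Added example for this page, not code from the thread or from Cisco. The
sample below is a constructed excerpt of the poster's configuration.
"""
import re

# Constructed excerpt of the posted configuration: only the lines the checks
# look at are kept, copied unchanged from the post.
SAMPLE_CONFIG = """\
ip address outside 59.144.164.33 255.255.255.0
ip address inside 172.16.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 59.144.164.40 172.16.2.2 netmask 255.255.255.255 0 0
snmp-server community public
route outside 0.0.0.0 0.0.0.0 59.144.164.1 1
"""

# The same excerpt with the replies' fix applied (nat id 1 paired with
# global id 1). The SNMP community value is a placeholder assumption made
# for this example, not a value from the thread.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "nat (inside) 0 0.0.0.0 0.0.0.0 0 0",
    "nat (inside) 1 0.0.0.0 0.0.0.0 0 0",
).replace("snmp-server community public",
          "snmp-server community CHANGE-ME-long-random-string")

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")
SNMP_RE = re.compile(r"^snmp-server community (\S+)")
DEFAULT_COMMUNITIES = {"public", "private"}


def parse(config):
    """Return (nat_statements, global_statements, snmp_communities).

    nat/global entries are (interface, id, raw_line) tuples.
    """
    nats, globals_, communities = [], [], []
    for raw in config.splitlines():
        line = raw.strip()
        if m := NAT_RE.match(line):
            nats.append((m.group(1), int(m.group(2)), line))
        elif m := GLOBAL_RE.match(line):
            globals_.append((m.group(1), int(m.group(2)), line))
        elif m := SNMP_RE.match(line):
            communities.append(m.group(1))
    return nats, globals_, communities


def lint(config):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    nats, globals_, communities = parse(config)
    global_ids = {gid for _, gid, _ in globals_}
    nat_ids = {nid for _, nid, _ in nats if nid != 0}

    for _iface, nid, line in nats:
        if nid == 0:
            # PIX 6.x: nat id 0 without an access-list is identity NAT, so
            # matching inside hosts are sent out with their real addresses.
            findings.append(
                f"nat id 0 disables translation for the listed hosts: {line}")
        elif nid not in global_ids:
            findings.append(
                f"nat id {nid} has no matching global pool: {line}")

    for _iface, gid, line in globals_:
        if gid not in nat_ids:
            findings.append(
                f"global id {gid} is never referenced by a nat statement: {line}")

    for community in communities:
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append(
                f"SNMP community string is the well-known default {community!r}")

    return findings


if __name__ == "__main__":
    for name, cfg in (("posted", SAMPLE_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"== {name} config ==")
        for finding in lint(cfg) or ["no findings"]:
            print(" -", finding)
```

Run against the posted excerpt it reports three findings (the nat 0 line, the unreferenced global 1, and the `public` community); against the fixed excerpt it reports none. The linter only understands the three statement types it needs, so it is a targeted check for this thread's problem, not a general PIX audit.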

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.