Hi all,
I'm not sure if this is a suitable place to ask this, but here goes...
I have a PIX501 which I think should be working correctly but since my hosting provider, who tell me they have set up a private network for my use, wants $50 per 30 minutes to configure it (they have seen the config but expressed no view on whether it is broken) I think I need an independent opinion. My suspicion is that the PIX is fine and that it is the external routing that needs fixing.
Can anyone give me an opinion on whether this should let any traffic through? There is a software firewall installed on my webserver so I am happy for the PIX to be very insecure right now - I just want to get it to work at all :-)
I have changed some specifics below to protect the innocent.
Outside: Interface: 212.130.214.10 Mask: 255.255.255.252 Gateway: 212.130.214.9
Inside: Interface: 212.130.215.193 Mask: 255.255.255.192 Gateway: 212.130.215.193
Result of firewall command: "write term"
Building configuration...
: Saved
:
PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password aaaaa encrypted
passwd bbbbb encrypted
hostname ccccc
domain-name ddddd.com
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
no fixup protocol dns
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name xxx.xxx.xxx.xxx XXXXX
name yyy.yyy.yyy.yyy YYYYY
access-list outside_access_in permit icmp any any
access-list outside_access_in permit tcp any any
access-list outside_access_in permit udp any any
pager lines 24
logging on
logging history debugging
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
ip address outside 212.130.214.10 255.255.255.252
ip address inside 212.130.215.193 255.255.255.192
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
pdm location XXXXX 255.255.255.240 outside
pdm location YYYYY 255.255.255.240 outside
pdm location zzz.zzz.zzz.zzz 255.255.255.0 outside
pdm logging debugging 500
pdm history enable
arp timeout 14400
nat (inside) 0 212.130.215.192 255.255.255.192 0 0
static (inside,outside) 212.130.215.192 212.130.215.192 netmask 255.255.255.192 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 212.130.214.9 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authorization command LOCAL
ntp server xxx.xxx.xxx.xxx source outside prefer
http server enable
http AAAAA 255.255.255.240 outside
http BBBBB 255.255.255.240 outside
http 212.130.193.0 255.255.255.0 outside
http 212.130.215.192 255.255.255.192 inside
no snmp-server location
no snmp-server contact
snmp-server community EEEEE
no snmp-server enable traps
floodguard enable
telnet AAAAA 255.255.255.240 outside
telnet 212.130.193.0 255.255.255.0 outside
telnet 212.130.215.192 255.255.255.192 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
username iiiii password iiiii encrypted privilege 3
username jjjjj password jjjjj encrypted privilege 15
username kkkkk password kkkkk encrypted privilege 5
privilege show level 0 command version
privilege show level 0 command curpriv
privilege show level 3 command pdm
privilege show level 3 command blocks
privilege show level 3 command ssh
privilege configure level 3 command who
privilege show level 3 command isakmp
privilege show level 3 command ipsec
privilege show level 3 command vpdn
privilege show level 3 command local-host
privilege show level 3 command interface
privilege show level 3 command ip
privilege configure level 3 command ping
privilege show level 3 command uauth
privilege configure level 5 mode enable command configure
privilege show level 5 command running-config
privilege show level 5 command privilege
privilege show level 5 command clock
privilege show level 5 command ntp
privilege show level 5 mode configure command logging
privilege show level 5 command fragment
terminal width 80
Cryptochecksum:zzzzz
: end
[OK]
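As an added check that is not part of the original post, the Python below parses the NAT, static, access-group and route lines of a PIX 6.x config like the one above and reports whether the firewall itself admits traffic from outside to the inside subnet, then lists the exposure worth closing once it works. The sample config is constructed from the lines quoted in the post; the function names are my own.

```python
import ipaddress
# Constructed sample: the lines of the poster's "write term" output that decide
# whether outside traffic can reach the inside subnet (values exactly as posted).
SAMPLE_CONFIG = """
access-list outside_access_in permit icmp any any
access-list outside_access_in permit tcp any any
access-list outside_access_in permit udp any any
ip address outside 212.130.214.10 255.255.255.252
ip address inside 212.130.215.193 255.255.255.192
nat (inside) 0 212.130.215.192 255.255.255.192 0 0
static (inside,outside) 212.130.215.192 212.130.215.192 netmask 255.255.255.192 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 212.130.214.9 1
"""

def parse(config):
    """Extract the fields of a PIX 6.x config the reachability check needs."""
    cfg = {"acl": {}, "nat0": [], "static": [], "ip": {}, "group": {}, "route": None}
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] == "access-list":
            cfg["acl"].setdefault(w[1], []).append(" ".join(w[2:]))
        elif w[:2] == ["ip", "address"]:
            cfg["ip"][w[2]] = ipaddress.ip_interface(f"{w[3]}/{w[4]}").network
        elif w[0] == "nat" and w[2] == "0":           # nat 0: exempt from translation
            cfg["nat0"].append(ipaddress.ip_network(f"{w[3]}/{w[4]}"))
        elif w[0] == "static" and w[4] == "netmask":  # (real, mapped) with shared mask
            cfg["static"].append(tuple(ipaddress.ip_network(f"{a}/{w[5]}") for a in w[2:4]))
        elif w[0] == "access-group":                  # interface -> (acl name, direction)
            cfg["group"][w[-1]] = (w[1], w[2])
        elif w[0] == "route" and w[2] == "0.0.0.0":
            cfg["route"] = (w[1], w[4])
    return cfg

def inbound_path_check(cfg):
    """Return (ok, findings): ok means the config itself admits outside->inside traffic."""
    findings, inside = [], cfg["ip"]["inside"]
    if not any(inside.subnet_of(n) for n in cfg["nat0"]):
        findings.append("inside subnet has no nat 0 exemption")
    if not any(inside.subnet_of(real) and real == mapped for real, mapped in cfg["static"]):
        findings.append("no identity static for the inside subnet, so inbound has no translation")
    name, direction = cfg["group"].get("outside", (None, None))
    entries = cfg["acl"].get(name, [])
    if direction != "in" or not entries:
        findings.append("no inbound ACL bound to outside; low-to-high traffic is dropped by default")
    if cfg["route"] is None or cfg["route"][0] != "outside":
        findings.append("no default route via the outside gateway")
    ok = not findings  # exposure notes below do not affect reachability
    if any(e.startswith("permit") and e.endswith("any any") for e in entries):
        findings.append(f"exposure: {name} permits any to any; narrow it to the web server's ports")
    return ok, findings
```

Run on the sample it reports the config as passing traffic, with the wide-open ACL as the one exposure; delete the static line and it reports why inbound would stop at the firewall.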