General Help Related Topics - PIX 506e config via PDM
#1

Is anybody out there who can help me with how to allow pcAnywhere communication from the outside network to any of my internal IPs behind the PIX 506e via PDM? Help would be greatly appreciated. Thanks

mbvales

Last edited by mbvales: 08-29-2006 at 01:35 PM.
#2

Junior Member
Join Date: Aug 2006
Posts: 4

Hi to all, can anybody help with how to allow pcAnywhere on the PIX and how to translate or point my outside interface on my PIX (real IP) to any of my local internal IPs (e.g. 192.168.0.20)? I used HyperTerminal or PDM, but I preferred the GUI command.
Here's my config: (Fake IP)

```
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password hbNy3ju8pQKZ0U57 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname xxxxxxx
domain-name xxxxxxxxxx.com
clock timezone PKT 5
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group service OUTTCP tcp
  description allowed internal outbound TCP services
  port-object eq telnet
  port-object eq www
  port-object eq ssh
  port-object eq pop3
  port-object eq ftp
  port-object eq https
  port-object eq smtp
object-group service OUTUDP udp
  description allowed internal outbound UDP services
  port-object eq domain
  port-object eq ntp
object-group network LOCALNET
  description internal network
  network-object 192.168.0.0 255.255.255.0
  network-object 192.168.1.0 255.255.255.0
  network-object 192.168.2.0 255.255.255.0
access-list outside_access_in permit ip any any
access-list outside_access_in permit tcp interface outside host 192.168.0.20 eq pcanywhere-data
access-list outside_access_in permit tcp interface outside host 192.168.0.20 eq https
access-list outside_access_in permit tcp interface outside host 192.168.0.20 range pcanywhere-data 5632
access-list outside_access_in permit tcp interface outside host 192.168.0.20 range https https
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 202.124.141.26 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.0 255.255.255.0 inside
pdm location 192.168.1.2 255.255.255.255 inside
pdm location 202.124.141.25 255.255.255.255 outside
pdm location 192.168.2.0 255.255.255.0 inside
pdm location 195.127.106.0 255.255.255.0 outside
pdm location 192.168.0.20 255.255.255.255 inside
pdm group LOCALNET inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
global (outside) 3 192.168.0.20
global (inside) 2 192.168.0.20
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.0.20 192.168.0.20 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 202.124.141.25 1
route inside 192.168.0.0 255.255.255.0 192.168.1.2 1
route inside 192.168.2.0 255.255.255.0 192.168.1.2 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
url-server (inside) vendor websense host 192.168.0.20 timeout 5 protocol TCP version 1
http server enable
http 195.127.106.0 255.255.255.0 outside
http 192.168.1.0 255.255.255.0 inside
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 195.127.106.0 255.255.255.0 outside
ssh timeout 5
console timeout 0
vpdn username admin password *********
vpdn enable outside
vpdn enable inside
dhcpd address 192.168.1.2-192.168.1.10 inside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
username xxxxx password AULMP2pyBpRZ4Zva encrypted privilege 15
username xxxxxxx password GlpXwGpslAIwW3Gs encrypted privilege 15
username xxxxxx password SHCeMeoGZJ.cTeqt encrypted privilege 15
terminal width 80
Cryptochecksum:28e15cd8cb8a450b50eb8bb1491a98d9
: end
```

mbvales
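Added example, not part of the original post and not Cisco tooling: a short Python check run over an excerpt of the config posted above. It relies on the PIX rule that an access list is evaluated top-down with the first match winning, so the `permit ip any any` entry on the outside ACL makes the later pcAnywhere entries unreachable; the function name `audit` and the check labels are made up for illustration.

```python
import re

# Excerpt copied from the config in the post above (addresses are the poster's).
CONFIG = """\
access-list outside_access_in permit ip any any
access-list outside_access_in permit tcp interface outside host 192.168.0.20 eq pcanywhere-data
access-list outside_access_in permit tcp interface outside host 192.168.0.20 eq https
static (inside,outside) 192.168.0.20 192.168.0.20 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
snmp-server community public
"""

def audit(config):
    """Return (check, line) findings for a PIX 6.x style configuration."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # ACL names bound inbound to the outside interface (the binding line may
    # come after the access-list lines, so collect them first).
    outside_acls = {m.group(1) for l in lines
                    if (m := re.match(r"access-group (\S+) in interface outside$", l))}
    findings, open_acls = [], set()
    for l in lines:
        if m := re.match(r"access-list (\S+) (permit|deny) (.+)$", l):
            name, action, rest = m.groups()
            if name not in outside_acls:
                continue
            if name in open_acls:
                # First match wins: entries after 'permit ip any any' never match.
                findings.append(("shadowed-ace", l))
            elif action == "permit" and rest == "ip any any":
                findings.append(("permit-any-inbound", l))
                open_acls.add(name)
        elif m := re.match(r"static \((\S+),(\S+)\) (\S+) (\S+)", l):
            # static (real_if,mapped_if) mapped_ip real_ip: equal addresses mean
            # the host appears outside under its own address, untranslated.
            if m.group(3) == m.group(4):
                findings.append(("identity-static", l))
        elif l == "snmp-server community public":
            findings.append(("default-snmp-community", l))
    return findings

if __name__ == "__main__":
    for check, line in audit(CONFIG):
        print(f"{check:24} {line}")
```
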