«

Can any of you Cisco guru's create a sample config file for the
following setup. I'm attempting to let the experts do this so It's gets
done right (and I don't have to read the manual to figure out how to do
something I should only have to do once)

I have a PIX 501-firewall

Questions:
---------
#1. Can this device collect bandwidth usage statistics by IP by port?
#2. I expect at most 10 concurrent web/mail connections. Will this
handle that with no problems.
#3. Can it email my cell phone with problems

All the following info is hypothetical

My external IPs are: 198.252.36.2-254
My Gateway IP is: 198.252.36.1
My internal network is 172.16.1.x


my internal smtp server will be located at

IP address: 172.16.1.2
user: mysmtpuser
password: mysmtppassword
it will require authentication


I want to route inbound comm to ports as follows:

open these for UDP and TCP
Inbound IP#1: 198.252.36.10
-------------
80 172.16.1.210
20 172.16.1.210
21 172.16.1.210
443 172.16.1.210

110 172.16.1.215
25 172.16.1.215

553 172.16.1.219

block all other ports inbound

open these for UDP and TCP
Inbound IP#2: 198.252.36.20
-------------
80 172.16.1.220
20 172.16.1.220
21 172.16.1.220
443 172.16.1.220

110 172.16.1.225
25 172.16.1.225

block all other ports inbound

I want to setup a Hardware VPN to another PIX-501
all ports open in both directions from the specified IP Only

It's IP address is: 198.252.22.22
this connection should stay connected

I want to set up three Cisco VPN Client and one Microsoft VPN Clients
Accesses

Cisco Client #1
---------------
Can only connect from IP 198.252.36.015
Group Authentication Name Group#1
Password Group1Password
Either do not require a password or permit it to be saved

Cisco Client #2
---------------
Can connect from Any outside Address
Group Name Group#2
Password Group2Password
This one should timeout if no activity for 30 minutes
This password should not be savable

Cisco Client #3
---------------
This will be the same Hardware VPN to another PIX-501 as above.
all ports open in both directions from the specified IP Only
It's IP address: 198.252.11.11

The Microsoft one should:
------------------------
accept a connection from any IP address and require secured password
User Name: Group3
Password: Group3Password

Curt wrote:
> Can any of you Cisco guru's create a sample config file for the
> following setup. I'm attempting to let the experts do this so It's gets
> done right (and I don't have to read the manual to figure out how to do
> something I should only have to do once)
>


That is really funny.

In article <>,
Curt <> wrote:
>Can any of you Cisco guru's create a sample config file for the
>following setup. I'm attempting to let the experts do this so It's gets
>done right

When my wife asks me, "Darling, why haven't you come to bed yet (nudge,
nudge)?", I need something better to tell her than "I was giving away
the fruit of my years of professional experience for free to someone who
did not want be bothered opening the manual."

Hi Curt,

You may wish to investigate:

Configure a Cisco PIX Firewall with this template

http://articles.techrepublic.com.com...ml?tag=nl.e115

as well as Cisco PIX VPN GUI Config

http://www.ifm.net.nz/cookbooks/501gui/

Sincerely,

Brad Reese
http://www.BradReese.Com

Thank you very much. This help I can use.

I'm glad to have been amuzing to the experts. People that uptight need a
laugh. I'm on a really tight budget and can't afford one of the experts.

Also, I'm trying to get something new going with out learning a bunch of
stuf I will not use again.




In article < .com>,
says...
> Hi Curt,
>
> You may wish to investigate:
>
> Configure a Cisco PIX Firewall with this template
>
> http://articles.techrepublic.com.com...ml?tag=nl.e115
>
> as well as Cisco PIX VPN GUI Config
>
> http://www.ifm.net.nz/cookbooks/501gui/
>
> Sincerely,
>
> Brad Reese
> http://www.BradReese.Com
>
>

Curt wrote:
> Thank you very much. This help I can use.
>
> I'm glad to have been amuzing to the experts. People that uptight need a
> laugh. I'm on a really tight budget and can't afford one of the experts.

It is not the fact that people are uptight, it is the fact that you come
to a NG and ask for a complete config, not only that a complex config.
You did not even try to attempt configuring the interfaces for crist
sake, if we were to give you a complete config would you know what to do
with it?


>
> Also, I'm trying to get something new going with out learning a bunch of
> stuf I will not use again.

Good for you, good luck with that.

In article <>,
Curt <> wrote:

>Also, I'm trying to get something new going with out learning a bunch of
>stuf I will not use again.

In a situation such as yours, the recommendation from security
professionals would be to not put in any firewall at all.

Seriously.

A firewall that is not maintained, updated with new software releases,
and the logs monitored, is worse than not having a firewall. If
you do not have a firewall, then you will *know* you are vulnerable,
and so will take care in maintaining the security of your interior
hosts; but if you just set up the firewall and then do not pay attention
to it, you will be under the -illusion- that you are safe and so will
neglect the security on your interior systems and never notice when the
crackers take control of them.

In saying the above, I am not "jiving you", making up something silly
but plausible: I am conveying what much better security experts than
I have said often. As Bruce Schneier, famous cryptography and
security expert says in his book, Secrets and Lies,
"Security is a process, not a product."
http://www.schneier.com/book-sandl-pref.html

Another quote from him there:

If you think technology can solve your security problems, then you
don't understand the problems and you don't understand the
technology.

Smokey wrote:

> It is not the fact that people are uptight, it is the fact that you come
> to a NG and ask for a complete config, not only that a complex config.

While I can understand this reaction, if you view this differently it
starts to make sense.

Consider a theoretical question: "I am new to this, I got a "empty" router,
could anyone provide me with a fully populated configuration to do X/Y
which I could use as a template to guide me to configure my router ?"

Having a template that is known to work would most certaintly help a
newcomer by seeing real world examples of configuration commands.

It is one thing to go through a manual to read about individual commands.
It is another to know what sort of command combinations result in what you
really want to do.

JF Mezei wrote:
> Smokey wrote:
>
>> It is not the fact that people are uptight, it is the fact that you
>> come to a NG and ask for a complete config, not only that a complex
>> config.
>
> While I can understand this reaction, if you view this differently it
> starts to make sense.
>
> Consider a theoretical question: "I am new to this, I got a "empty"
> router, could anyone provide me with a fully populated configuration to
> do X/Y which I could use as a template to guide me to configure my
> router ?"
>
> Having a template that is known to work would most certaintly help a
> newcomer by seeing real world examples of configuration commands.
>
> It is one thing to go through a manual to read about individual
> commands. It is another to know what sort of command combinations result
> in what you really want to do.

Now this is really BS, while I can understand this could help the OP get
started on his config by seeing a complete config, BUT by using an well
known tool called 'www.google.com' and entering the line 'cisco pix
config' the first 80 pages are all examples of cisco configs. As the
subject states if the OP is too lazy to visit 'www.google.com' and enter
*ANY* search criteria he really can not bitch too much about the help he
does not receive.

It would be kinda like me stepping into a sql NG and asking I need a
fully functional ASP front end and sql backend to do X /Y I am too lazy
to learn, and do not have the budget to pay someone so can someone do
this for me? I would think most people in that situation would say 'hell
NO' as well. What do you think?

Smokey wrote:
> JF Mezei wrote:
>> Smokey wrote:
>>
>>> It is not the fact that people are uptight, it is the fact that you
>>> come to a NG and ask for a complete config, not only that a complex
>>> config.
>>
>> While I can understand this reaction, if you view this differently it
>> starts to make sense.
>>
>> Consider a theoretical question: "I am new to this, I got a "empty"
>> router, could anyone provide me with a fully populated configuration
>> to do X/Y which I could use as a template to guide me to configure my
>> router ?"
>>
>> Having a template that is known to work would most certaintly help a
>> newcomer by seeing real world examples of configuration commands.
>>
>> It is one thing to go through a manual to read about individual
>> commands. It is another to know what sort of command combinations
>> result in what you really want to do.
>

And speaking of google lets have a look at the first hit shall we?

http://www.cisco.com/en/US/products/...ples_list.html
^^^^^^^^^^^^^^^^^^^^^^^^

wow a whole page dedicated to cisco pix example configs, who would have
thought it would be sooo hard to find...