PIX 506e question

 
 
bcmchenry
07-31-2007
Greetings,

I have been asked to look into allowing a customer entry through our PIX for EDI purposes. The outside interface for the PIX is set to 69.111.202.242 (changed of course). There are several ACLs already in use for this box and working fine. My problem is that (before I came on board here) the company was told they would be using 69.111.202.244:8080 as their entry into our network. I can see how I could make the necessary adjustments to the current ACL to allow this for the .242 address, but I am stuck on how to allow this on 244 when the interface has already been assigned 242. Can anyone point me in the right direction? How do you have multiple public addresses through one interface?

I was told this was set up and working at some point but it stopped working months ago. I can see references in the ACL to 69.111.202.244 but it just doesn't make any sense to me what they did here. Notice the references to 69.111.202.243 and 244. I don't know who set this up and it has been a while since it was, but I am confused on this config and how it would work. All public IPs have been changed for security purposes. I'll post the config here:

PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password yWx9g7BVBQM5rQ.l encrypted
passwd iNu50VD6XGaWHVM6 encrypted
hostname Pixbox
domain-name somecompany.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
no fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list outside permit icmp any any echo-reply
access-list outside permit icmp any any unreachable
access-list outside permit icmp any any time-exceeded
access-list outside permit tcp any host 69.111.202.242 eq www
access-list outside permit tcp any host 69.111.202.242 eq ftp
access-list outside permit tcp any host 69.111.202.242 eq https
access-list outside permit tcp any host 69.111.202.242 eq 8101
access-list outside permit tcp any host 69.111.202.242 eq 8301
access-list outside permit tcp any host 69.111.202.242 eq 3101
access-list outside permit tcp any host 69.111.202.242 eq 4101
access-list outside permit tcp any host 69.111.202.243 eq www
access-list outside permit tcp any host 69.111.202.243 eq 3389
access-list outside permit tcp any host 69.111.202.242 eq 15868
access-list outside permit tcp host xx.xx.xx.99 host 69.111.202.244 eq 8080
access-list outside permit tcp host xxx.xx.xx.100 host 69.111.202.244 eq 8080
access-list outside permit tcp host xxx.xx.xx.105 host 69.111.202.244 eq 8080
access-list outside permit tcp host xxx.xx.xx.110 host 69.111.202.244 eq 8080
access-list outside permit tcp host xx.xxx.xx.10 host 69.111.202.244 eq 8080
access-list outside permit tcp host xxx.xxx.xxx.5 host 69.111.202.244 eq 8080
access-list outside permit tcp xx.x.xxx.80 255.255.255.240 host 69.111.202.242 eq smtp
access-list outside permit tcp xx.xxx.xxx.0 255.255.255.0 host 69.111.202.242 eq smtp
access-list outside permit tcp xx.xx.xx.192 255.255.255.192 host 69.111.202.242 eq smtp
access-list outside permit tcp xx.xxx.xxx.0 255.255.255.0 host 69.111.202.242 eq smtp
access-list outside permit tcp host xxx.xxx.xxx.100 host 69.111.202.244 eq 8080
access-list outside permit tcp host xxx.xxx.xxx.101 host 69.111.202.244 eq 8080

pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 69.111.202.242 255.255.255.240
ip address inside 192.168.2.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 8101 192.168.2.xx 8101 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 8301 192.168.2.xx 8301 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 3101 192.168.2.xx 3101 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 4101 192.168.2.xx 4101 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www 192.168.2.x www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface smtp 192.168.2.x smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 15868 192.168.2.x 15868 netmask 255.255.255.255 0 0
static (inside,outside) udp interface 15868 192.168.2.x 15868 netmask 255.255.255.255 0 0
static (inside,outside) 69.111.202.243 192.168.3.x netmask 255.255.255.255 0 0
static (inside,outside) 66.111.202.244 192.168.2.x netmask 255.255.255.255 0 0
access-group outside in interface outside
route outside 0.0.0.0 0.0.0.0 69.111.202.241 1
 
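A consistency check over the posted config, as an added example that is not part of the original post: on PIX 6.3 an inbound `access-list` permit only takes effect when a `static` translation (one-to-one or port redirect) also maps that public address inward, so the script lists ACL destinations with no matching `static` and `static` global addresses that fall outside the outside interface's subnet. The `audit` function and its regex are hypothetical helpers written for this illustration; the sample input is an excerpt of the config above, with addresses as masked by the poster.

```python
import ipaddress
import re

# Excerpt of the config posted above (addresses as masked by the poster).
CONFIG = """\
access-list outside permit tcp any host 69.111.202.242 eq www
access-list outside permit tcp any host 69.111.202.243 eq 3389
access-list outside permit tcp host xx.xx.xx.99 host 69.111.202.244 eq 8080
ip address outside 69.111.202.242 255.255.255.240
static (inside,outside) tcp interface www 192.168.2.x www netmask 255.255.255.255 0 0
static (inside,outside) 69.111.202.243 192.168.3.x netmask 255.255.255.255 0 0
static (inside,outside) 66.111.202.244 192.168.2.x netmask 255.255.255.255 0 0
"""

# Destination is the last "host a.b.c.d" before "eq <port>"; masked sources are skipped.
ACL_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) .*?host (\d+\.\d+\.\d+\.\d+) eq (\S+)$")


def audit(config):
    """Hypothetical helper: return findings for one outside interface."""
    iface, one_to_one, port_maps, acl = None, set(), set(), []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "address", "outside"]:
            iface = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
        elif tok[:2] == ["static", "(inside,outside)"]:
            if tok[2] in ("tcp", "udp"):   # port redirect: proto global port ...
                port_maps.add((tok[2], tok[3], tok[4]))
            else:                          # one-to-one: global local ...
                one_to_one.add(tok[2])
        elif (m := ACL_RE.match(line)):
            acl.append(m.groups())
    if iface is None:
        raise ValueError("no 'ip address outside' line found")
    findings = []
    for g in sorted(one_to_one):
        if ipaddress.ip_address(g) not in iface.network:
            findings.append(f"static global {g} is outside {iface.network}")
    for name, proto, dst, port in acl:
        # The interface address may appear literally or as the keyword "interface".
        cands = {dst, "interface"} if dst == str(iface.ip) else {dst}
        # Port names are compared as written (www vs 80 would not match).
        if dst not in one_to_one and not any((proto, g, port) in port_maps for g in cands):
            findings.append(f"acl {name}: {proto}/{port} to {dst} has no matching static")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```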
 
 
 