Velocity Reviews - Computer Hardware Reviews

Cisco Pix 515e help

 
 
leedo
Junior Member
Join Date: Mar 2008
Location: Newcastle
Posts: 2
 
      03-06-2008
Hi all,

I have no Cisco experience at all and I'm trying to configure a Cisco Pix 515e to allow TCP connections inbound from outside using the ASDM.

Here is my running config; any feedback is welcome.


PIX Version 7.2(1)

ftp mode passive
dns server-group DefaultDNS
domain-name mflow.com
object-group service mflow tcp
port-object range 1180 2222
object-group service all tcp-udp
port-object eq sunrpc
port-object eq cifs
port-object eq tacacs
port-object eq pim-auto-rp
port-object eq sip
port-object eq talk
port-object eq domain
port-object eq echo
port-object eq kerberos
port-object eq www
port-object eq discard
access-list outside extended permit tcp any interface Outside log
access-list outside extended permit udp any interface Outside
access-list 102 extended permit tcp any any
access-list 102 extended deny tcp host 0.0.0.0 host (interface ip)
access-list Outside_cryptomap extended permit ip any 10.254.10.192 255.255.255.224
access-list Outside_access_out extended permit tcp interface Outside any
access-list inside_access_in extended permit tcp interface inside any
access-list inbound extended permit tcp any any
access-list inbound extended permit udp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu Outside 1500
ip local pool VPNRange 10.254.10.200-10.254.10.220 mask 255.255.255.0
ip verify reverse-path interface inside
ip verify reverse-path interface Outside
no failover
monitor-interface inside
monitor-interface Outside
asdm image flash:/asdm521.bin
no asdm history enable
arp timeout 14400
global (Outside) 101 interface
nat (inside) 101 10.254.10.0 255.255.255.0
access-group inside_access_in in interface inside
access-group outside in interface Outside
access-group Outside_access_out out interface Outside
route Outside (Interface ip) 255.255.255.255 (gateway ip)
route Outside 0.0.0.0 0.0.0.0 81.171.180.29 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes




http server enable
http 10.254.10.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 0
crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_DES_SHA mode transport
crypto dynamic-map Outside_dyn_map 20 set transform-set TRANS_ESP_DES_SHA
crypto map Outside_map 20 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
tunnel-group DefaultRAGroup general-attributes
address-pool VPNRange
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 10.254.10.1 interface inside
!
!
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
!
prompt hostname context
Cryptochecksum:ac683912531c34a78d8ce1d2ae24d610


Thanks
Lee
 

Last edited by leedo; 03-07-2008 at 09:06 AM..
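
An added example, not part of the original post: a small Python audit of the posted configuration that lists ACLs defined but never applied, and flags applied permits from any source with no port restriction, ASDM/HTTP management open to any address, and single-DES crypto settings. The function name `audit`, the finding labels and the embedded sample (a subset of the post's lines) are assumptions of this example; ACL references other than `access-group` and crypto `match address` are not tracked.

```python
# SAMPLE_CONFIG is constructed from lines of the running config posted above.
SAMPLE_CONFIG = """\
access-list outside extended permit tcp any interface Outside log
access-list outside extended permit udp any interface Outside
access-list 102 extended permit tcp any any
access-list Outside_cryptomap extended permit ip any 10.254.10.192 255.255.255.224
access-list Outside_access_out extended permit tcp interface Outside any
access-list inside_access_in extended permit tcp interface inside any
access-list inbound extended permit tcp any any
access-list inbound extended permit udp any any
access-group inside_access_in in interface inside
access-group outside in interface Outside
access-group Outside_access_out out interface Outside
http 0.0.0.0 0.0.0.0 inside
crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-sha-hmac
crypto isakmp policy 10
 encryption des
"""

# Keywords that narrow an ACL entry to specific ports or a service group.
PORT_OPS = {"eq", "range", "gt", "lt", "neq", "object-group"}

def audit(config):
    """Return (findings, unbound): flagged lines, and ACL names never applied."""
    acls, bound, findings = {}, set(), []
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) < 2:
            continue
        if tok[0] == "access-list" and len(tok) > 5 and tok[2] == "extended":
            acls.setdefault(tok[1], []).append(tok)
        elif tok[0] == "access-group":
            bound.add(tok[1])            # ACL applied to an interface
        elif "match" in tok and "address" in tok:
            bound.add(tok[-1])           # ACL referenced by a crypto map
        elif tok[0] == "http" and tok[1:3] == ["0.0.0.0", "0.0.0.0"]:
            findings.append(("mgmt-from-any", " ".join(tok)))
        elif "esp-des" in tok or tok == ["encryption", "des"]:
            findings.append(("single-des", " ".join(tok)))
    for name, entries in acls.items():
        if name not in bound:
            continue                     # unbound ACLs filter no traffic
        for tok in entries:
            # tok[3]=action, tok[5]=source; flag permits from any with no port limit
            if tok[3] == "permit" and tok[5] == "any" and not PORT_OPS & set(tok):
                findings.append(("permit-any-all-ports", " ".join(tok)))
    return findings, sorted(set(acls) - bound)
```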