Cisco Pix 515e TCP help

Discussion in 'Cisco' started by leedo, Mar 6, 2008.

  1. leedo

    leedo

    Joined:
    Mar 6, 2008
    Messages:
    2
    Location:
    Newcastle
    Hi all,

    I have no Cisco experience at all and I'm trying to configure a Cisco Pix 515e to allow TCP connections inbound from outside using the ASDM.

    Here is my running config, any feedback is welcome.


    PIX Version 7.2(1)

    ftp mode passive
    dns server-group DefaultDNS
    domain-name mflow.com
    object-group service mflow tcp
    port-object range 1180 2222
    object-group service all tcp-udp
    port-object eq sunrpc
    port-object eq cifs
    port-object eq tacacs
    port-object eq pim-auto-rp
    port-object eq sip
    port-object eq talk
    port-object eq domain
    port-object eq echo
    port-object eq kerberos
    port-object eq www
    port-object eq discard
    access-list outside extended permit tcp any interface Outside log
    access-list outside extended permit udp any interface Outside
    access-list 102 extended permit tcp any any
    access-list 102 extended deny tcp host 0.0.0.0 host (interface ip)
    access-list Outside_cryptomap extended permit ip any 10.254.10.192 255.255.255.224
    access-list Outside_access_out extended permit tcp interface Outside any
    access-list inside_access_in extended permit tcp interface inside any
    access-list inbound extended permit tcp any any
    access-list inbound extended permit udp any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu Outside 1500
    ip local pool VPNRange 10.254.10.200-10.254.10.220 mask 255.255.255.0
    ip verify reverse-path interface inside
    ip verify reverse-path interface Outside
    no failover
    monitor-interface inside
    monitor-interface Outside
    asdm image flash:/asdm521.bin
    no asdm history enable
    arp timeout 14400
    global (Outside) 101 interface
    nat (inside) 101 10.254.10.0 255.255.255.0
    access-group inside_access_in in interface inside
    access-group outside in interface Outside
    access-group Outside_access_out out interface Outside
    route Outside (Interface ip) 255.255.255.255 (gateway ip)
    route Outside 0.0.0.0 0.0.0.0 81.171.180.29 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes




    http server enable
    http 10.254.10.0 255.255.255.0 inside
    http 192.168.1.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sysopt connection tcpmss 0
    crypto ipsec transform-set TRANS_ESP_DES_SHA esp-des esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_DES_SHA mode transport
    crypto dynamic-map Outside_dyn_map 20 set transform-set TRANS_ESP_DES_SHA
    crypto map Outside_map 20 ipsec-isakmp dynamic Outside_dyn_map
    crypto map Outside_map interface Outside
    crypto isakmp enable Outside
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    tunnel-group DefaultRAGroup general-attributes
    address-pool VPNRange
    default-group-policy DefaultRAGroup
    tunnel-group DefaultRAGroup ipsec-attributes
    pre-shared-key *
    tunnel-group DefaultRAGroup ppp-attributes
    authentication ms-chap-v2
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd dns 10.254.10.1 interface inside
    !
    !
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    !
    prompt hostname context
    Cryptochecksum:ac683912531c34a78d8ce1d2ae24d610


    Thanks
    Lee
    Last edited: Mar 7, 2008
    leedo, Mar 6, 2008
    #1

  2. leedo

    Greeley

    Joined:
    Dec 16, 2007
    Messages:
    67
    access-list inbound extended permit ip any any
    access-group inbound in interface outside

    You should edit your message and take your ip addresses out of it.

    --G
    Greeley, Mar 6, 2008
    #2
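
An added example, not part of either post: a small Python audit of the ACL lines from the config above plus the two lines from the reply, showing which access lists are actually bound to an interface and which bound lists contain a `permit ... any any` entry. The function name `audit_acls` is hypothetical, and the code assumes interface names compare case-insensitively and that a later `access-group` for the same interface and direction replaces the earlier one.

```python
import re

# Constructed sample: ACL lines copied from the posted running config,
# followed by the two lines suggested in the reply.
SAMPLE_CONFIG = """\
access-list outside extended permit tcp any interface Outside log
access-list outside extended permit udp any interface Outside
access-list 102 extended permit tcp any any
access-list Outside_access_out extended permit tcp interface Outside any
access-list inside_access_in extended permit tcp interface inside any
access-list inbound extended permit tcp any any
access-list inbound extended permit udp any any
access-group inside_access_in in interface inside
access-group outside in interface Outside
access-group Outside_access_out out interface Outside
access-list inbound extended permit ip any any
access-group inbound in interface outside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\S+)\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")

def audit_acls(config_text):
    """Return (bindings, unbound ACL names, bound any-any permits)."""
    rules = {}      # ACL name -> list of (action, protocol, rest of line)
    bindings = {}   # (interface, direction) -> ACL name
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            rules.setdefault(m.group(1), []).append(m.groups()[1:])
            continue
        m = GROUP_RE.match(line)
        if m:
            # Assumption: names are case-insensitive and the last access-group
            # for an interface/direction pair replaces any earlier one.
            bindings[(m.group(3).lower(), m.group(2))] = m.group(1)
    bound = set(bindings.values())
    unbound = sorted(name for name in rules if name not in bound)
    any_any = sorted(
        (name, proto) for name, entries in rules.items() if name in bound
        for action, proto, rest in entries
        if action == "permit" and rest.split()[:2] == ["any", "any"]
    )
    return bindings, unbound, any_any

if __name__ == "__main__":
    print(audit_acls(SAMPLE_CONFIG))
```

Run against only the original config lines, the audit reports `inbound` and `102` as defined but never applied; with the reply's lines added, `inbound` becomes the list bound inbound on the outside interface and every entry in it is an any-to-any permit.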