Cofiguring PIX 515E

Discussion in 'Cisco' started by mattyp73@hotmail.com, Nov 14, 2005.

  1. Guest

    Cisco PIX515E which I need to configure to allow traffic to a new
    server on an internal IP address using ports 80, 25 and 21... I have a
    dedicated external IP address and a dedicated Internal IP address for
    the server... the PIX firewall already is set up... and doing its job..
    what is the command line which needs to be inserted to allow this?
     
    , Nov 14, 2005
    #1
    1. Advertising

  2. <> wrote:

    > Cisco PIX515E which I need to configure to allow traffic to a new
    > server on an internal IP address using ports 80, 25 and 21... I have a
    > dedicated external IP address and a dedicated Internal IP address for
    > the server... the PIX firewall already is set up... and doing its job..
    > what is the command line which needs to be inserted to allow this?


    Probably:

    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694

    and

    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1067755
     
    Jyri Korhonen, Nov 14, 2005
    #2
    1. Advertising

  3. Gary Guest

    "Jyri Korhonen" <> wrote in message
    news:dla4jq$338$...
    > <> wrote:
    >
    >> Cisco PIX515E which I need to configure to allow traffic to a new
    >> server on an internal IP address using ports 80, 25 and 21... I have a
    >> dedicated external IP address and a dedicated Internal IP address for
    >> the server... the PIX firewall already is set up... and doing its job..
    >> what is the command line which needs to be inserted to allow this?

    >
    > Probably:
    >
    > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694
    >
    > and
    >
    > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1067755
    >



    Not sure what OS you are using but this works for us.

    object-group service PublicPorts tcp
    port-object eq smtp
    port-object eq telnet
    port-object eq www
    port-object eq ftp

    If this fails ACL will simply be line by line for every port allowed.

    Your outside ACL will need something like this, but will need to be
    integrated into existing ACL
    access-list outside_acl permit tcp any object-group PublicPorts

    Then just map the IP through.
    static (inside,outside) <public IP here> <private IP here> netmask <Private
    Subnet Here>

    That is pretty much it.

    G
     
    Gary, Nov 15, 2005
    #3
  4. Hello,

    you need something like this :

    access-list outside_in permit any host public-ip-address eq 80
    access-list outside_in permit any host public-ip-address eq 25
    access-list outside_in permit any host public-ip-address eq 21

    access-group outside_in in interface outside

    static (inside1,outside) public-ip-address inside-ip-address netmask
    255.255.255.255 768 1024

    assuming that you don't have an access-list now on the outside


    after implementing :
    either reload the pix
    or
    issue command : clear xlate

    then it should work...

    Anton


    wrote:
    > Cisco PIX515E which I need to configure to allow traffic to a new
    > server on an internal IP address using ports 80, 25 and 21... I have a
    > dedicated external IP address and a dedicated Internal IP address for
    > the server... the PIX firewall already is set up... and doing its job..
    > what is the command line which needs to be inserted to allow this?
    >
     
    Anton van der Leun, Nov 17, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dustin
    Replies:
    3
    Views:
    636
    Matty M
    Nov 8, 2005
  2. Romeo
    Replies:
    1
    Views:
    475
    Walter Roberson
    Mar 20, 2006
  3. Speed3ple
    Replies:
    0
    Views:
    3,004
    Speed3ple
    Apr 4, 2006
  4. Scott Townsend

    PIX 515 to PIX 515e not passing traffic

    Scott Townsend, May 10, 2006, in forum: Cisco
    Replies:
    6
    Views:
    3,736
    Vikas
    May 25, 2006
  5. Mark Huizer
    Replies:
    0
    Views:
    2,125
    Mark Huizer
    Mar 5, 2010
Loading...

Share This Page