Config Help-I'm being Lazy

Discussion in 'Cisco' started by Curt, Feb 6, 2007.

  1. Curt

    Curt Guest

    Can any of you Cisco gurus create a sample config file for the
    following setup? I'm attempting to let the experts do this so it gets
    done right (and I don't have to read the manual to figure out how to do
    something I should only have to do once).

    I have a PIX 501-firewall

    Questions:
    ---------
    #1. Can this device collect bandwidth usage statistics by IP by port?
    #2. I expect at most 10 concurrent web/mail connections. Will this
    handle that with no problems?
    #3. Can it email my cell phone with problems?

    All the following info is hypothetical

    My external IPs are: 198.252.36.2-254
    My Gateway IP is: 198.252.36.1
    My internal network is 172.16.1.x


    my internal smtp server will be located at

    IP address: 172.16.1.2
    user: mysmtpuser
    password: mysmtppassword
    it will require authentication


    I want to route inbound comm to ports as follows:

    open these for UDP and TCP
    Inbound IP#1: 198.252.36.10
    -------------
    80 172.16.1.210
    20 172.16.1.210
    21 172.16.1.210
    443 172.16.1.210

    110 172.16.1.215
    25 172.16.1.215

    553 172.16.1.219

    block all other ports inbound

    open these for UDP and TCP
    Inbound IP#2: 198.252.36.20
    -------------
    80 172.16.1.220
    20 172.16.1.220
    21 172.16.1.220
    443 172.16.1.220

    110 172.16.1.225
    25 172.16.1.225

    block all other ports inbound

    I want to set up a Hardware VPN to another PIX-501
    all ports open in both directions from the specified IP Only

    Its IP address is: 198.252.22.22
    this connection should stay connected

    I want to set up three Cisco VPN Client and one Microsoft VPN Client
    accesses

    Cisco Client #1
    ---------------
    Can only connect from IP 198.252.36.015
    Group Authentication Name Group#1
    Password Group1Password
    Either do not require a password or permit it to be saved

    Cisco Client #2
    ---------------
    Can connect from Any outside Address
    Group Name Group#2
    Password Group2Password
    This one should timeout if no activity for 30 minutes
    This password should not be savable

    Cisco Client #3
    ---------------
    This will be the same Hardware VPN to another PIX-501 as above.
    all ports open in both directions from the specified IP Only
    Its IP address: 198.252.11.11

    The Microsoft one should:
    ------------------------
    accept a connection from any IP address and require secured password
    User Name: Group3
    Password: Group3Password
    Curt, Feb 6, 2007
    #1

  2. Curt

    Smokey Guest

    Curt wrote:
    > Can any of you Cisco gurus create a sample config file for the
    > following setup? I'm attempting to let the experts do this so it gets
    > done right (and I don't have to read the manual to figure out how to do
    > something I should only have to do once)
    >



    That is really funny.
    Smokey, Feb 6, 2007
    #2

  3. In article <>,
    Curt <> wrote:
    >Can any of you Cisco gurus create a sample config file for the
    >following setup? I'm attempting to let the experts do this so it gets
    >done right


    When my wife asks me, "Darling, why haven't you come to bed yet (nudge,
    nudge)?", I need something better to tell her than "I was giving away
    the fruit of my years of professional experience for free to someone who
    did not want to be bothered opening the manual."
    Walter Roberson, Feb 6, 2007
    #3
  4. www.BradReese.Com, Feb 7, 2007
    #4
  5. Curt

    Curt Guest

    Thank you very much. This help I can use.

    I'm glad to have been amusing to the experts. People that uptight need a
    laugh. I'm on a really tight budget and can't afford one of the experts.

    Also, I'm trying to get something new going without learning a bunch of
    stuff I will not use again.




    In article <>,
    says...
    > Hi Curt,
    >
    > You may wish to investigate:
    >
    > Configure a Cisco PIX Firewall with this template
    >
    > http://articles.techrepublic.com.com/5100-1035_11-6149475.html?tag=nl.e115
    >
    > as well as Cisco PIX VPN GUI Config
    >
    > http://www.ifm.net.nz/cookbooks/501gui/
    >
    > Sincerely,
    >
    > Brad Reese
    > http://www.BradReese.Com
    >
    >
    Curt, Feb 7, 2007
    #5
  6. Curt

    Smokey Guest

    Curt wrote:
    > Thank you very much. This help I can use.
    >
    > I'm glad to have been amusing to the experts. People that uptight need a
    > laugh. I'm on a really tight budget and can't afford one of the experts.


    It is not the fact that people are uptight, it is the fact that you come
    to a NG and ask for a complete config, not only that a complex config.
    You did not even try to attempt configuring the interfaces for Christ's
    sake, if we were to give you a complete config would you know what to do
    with it?


    >
    > Also, I'm trying to get something new going without learning a bunch of
    > stuff I will not use again.


    Good for you, good luck with that.
    Smokey, Feb 7, 2007
    #6
  7. In article <>,
    Curt <> wrote:

    >Also, I'm trying to get something new going without learning a bunch of
    >stuff I will not use again.


    In a situation such as yours, the recommendation from security
    professionals would be to not put in any firewall at all.

    Seriously.

    A firewall that is not maintained, updated with new software releases,
    and the logs monitored, is worse than not having a firewall. If
    you do not have a firewall, then you will *know* you are vulnerable,
    and so will take care in maintaining the security of your interior
    hosts; but if you just set up the firewall and then do not pay attention
    to it, you will be under the -illusion- that you are safe and so will
    neglect the security on your interior systems and never notice when the
    crackers take control of them.

    In saying the above, I am not "jiving you", making up something silly
    but plausible: I am conveying what much better security experts than
    I have said often. As Bruce Schneier, famous cryptography and
    security expert says in his book, Secrets and Lies,
    "Security is a process, not a product."
    http://www.schneier.com/book-sandl-pref.html

    Another quote from him there:

    If you think technology can solve your security problems, then you
    don't understand the problems and you don't understand the
    technology.
    Walter Roberson, Feb 7, 2007
    #7
  8. Curt

    JF Mezei Guest

    Smokey wrote:

    > It is not the fact that people are uptight, it is the fact that you come
    > to a NG and ask for a complete config, not only that a complex config.


    While I can understand this reaction, if you view this differently it
    starts to make sense.

    Consider a theoretical question: "I am new to this, I got an "empty" router,
    could anyone provide me with a fully populated configuration to do X/Y
    which I could use as a template to guide me to configure my router ?"

    Having a template that is known to work would most certainly help a
    newcomer by seeing real world examples of configuration commands.

    It is one thing to go through a manual to read about individual commands.
    It is another to know what sort of command combinations result in what you
    really want to do.
    JF Mezei, Feb 7, 2007
    #8
  9. Curt

    Smokey Guest

    JF Mezei wrote:
    > Smokey wrote:
    >
    >> It is not the fact that people are uptight, it is the fact that you
    >> come to a NG and ask for a complete config, not only that a complex
    >> config.

    >
    > While I can understand this reaction, if you view this differently it
    > starts to make sense.
    >
    > Consider a theoretical question: "I am new to this, I got an "empty"
    > router, could anyone provide me with a fully populated configuration to
    > do X/Y which I could use as a template to guide me to configure my
    > router ?"
    >
    > Having a template that is known to work would most certainly help a
    > newcomer by seeing real world examples of configuration commands.
    >
    > It is one thing to go through a manual to read about individual
    > commands. It is another to know what sort of command combinations result
    > in what you really want to do.


    Now this is really BS, while I can understand this could help the OP get
    started on his config by seeing a complete config, BUT by using a well
    known tool called 'www.google.com' and entering the line 'cisco pix
    config' the first 80 pages are all examples of cisco configs. As the
    subject states if the OP is too lazy to visit 'www.google.com' and enter
    *ANY* search criteria he really can not bitch too much about the help he
    does not receive.

    It would be kinda like me stepping into a sql NG and asking I need a
    fully functional ASP front end and sql backend to do X /Y I am too lazy
    to learn, and do not have the budget to pay someone so can someone do
    this for me? I would think most people in that situation would say 'hell
    NO' as well. What do you think?
    Smokey, Feb 7, 2007
    #9
  10. Curt

    Smokey Guest

    Smokey wrote:
    > JF Mezei wrote:
    >> Smokey wrote:
    >>
    >>> It is not the fact that people are uptight, it is the fact that you
    >>> come to a NG and ask for a complete config, not only that a complex
    >>> config.

    >>
    >> While I can understand this reaction, if you view this differently it
    >> starts to make sense.
    >>
    >> Consider a theoretical question: "I am new to this, I got an "empty"
    >> router, could anyone provide me with a fully populated configuration
    >> to do X/Y which I could use as a template to guide me to configure my
    >> router ?"
    >>
    >> Having a template that is known to work would most certainly help a
    >> newcomer by seeing real world examples of configuration commands.
    >>
    >> It is one thing to go through a manual to read about individual
    >> commands. It is another to know what sort of command combinations
    >> result in what you really want to do.

    >


    And speaking of google let's have a look at the first hit shall we?

    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html
    ^^^^^^^^^^^^^^^^^^^^^^^^

    wow a whole page dedicated to cisco pix example configs, who would have
    thought it would be sooo hard to find...
    Smokey, Feb 7, 2007
    #10
  11. Curt

    JF Mezei Guest

    Smokey wrote:
    > And speaking of google let's have a look at the first hit shall we?
    >
    > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html


    > wow a whole page dedicated to cisco pix example configs, who would have
    > thought it would be sooo hard to find...



    OK. I stand corrected then. The Cisco site can be overwhelming to a
    newbie. I got help from this newsgroup just to find the right web pages for
    the manual for my switch.

    The original poster got his answer in your response.
    JF Mezei, Feb 8, 2007
    #11