Help with PIX 515E config :)

Discussion in 'Cisco' started by jonathan, Oct 24, 2003.

  1. jonathan

    jonathan Guest

    Hello,

    I have obtained a PIX 515E - 2 ethernet ports. Based on my example below, is
    anybody able to give me a sample configuration? The servers and workstations
    are on public IP ranges and we don't use NAT. Assume the network is
    1.1.1.0/20
    A sample config of set-up is as follows:

    Windows NT hosting server 1.1.1.17
    Web Server
    SMTP server
    FTP server
    Terminal Services
    MS SQL

    Linux hosting server 1.1.1.8
    Web Server
    FTP server
    SSH Access (Only allow specific ip from OUTSIDE to use SSH but anybody from
    inside)
    MySQL

    Linux Mail Server 1.1.1.10
    POP
    SMTP
    Postgresql
    SSH access (only allow specific IP from OUTSIDE to use SSH but anybody from
    inside)
    Radius server

    Workstation 1.1.1.101
    Should be able to surf web, use ftp, telnet, ssh, MSN Messenger, IRC

    Router 1.1.1.1

    Firewall IP is 1.1.1.81 (inside if) and 1.1.1.2 (outside if)

    Would I have to add a statement on the router -- e.g. i route 1.1.1.0
    255.255.255.0 1.1.1.2?

    Thanx in advance
    john
    jonathan, Oct 24, 2003
    #1

  2. In article <bnarvc$15p8$>,
    jonathan <> wrote:
    :I have obtained a PIX 515E - 2 ethernet ports. Based on my example below, is
    :anybody able to give me a sample configuration? The servers and workstations
    :are on public IP ranges and we don't use NAT. Assume the network is
    :1.1.1.0/20

    :Router 1.1.1.1

    :Firewall IP is 1.1.1.81 (inside if) and 1.1.1.2 (outside if)

    1.1.1.0/20 is not a valid CIDR. The closest CIDRs are
    1.1.0.0/20 and 1.1.16.0/20 .

    1.1.1.81 is in the same /20 as 1.1.1.2. You won't be able
    to configure that on a PIX.

    If 1.1.1.81 is not to be on the same subnet as 1.1.1.2, then
    you can't be using more than a /26 for the outside (1.1.1.0 - 1.1.1.63)


    The PIX cannot be configured as an IP filter: every interface
    *must* have a different subnet.
    --
    millihamlet: the average coherency of prose created by a single monkey
    typing randomly on a keyboard. Usenet postings may be rated in mHl.
    -- Walter Roberson
    Walter Roberson, Oct 24, 2003
    #2
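The three checks in the reply above (CIDR alignment, inside/outside subnet overlap, and the widest mask that separates the two interface addresses) can be reproduced with Python's `ipaddress` module. This is an added example, not part of the thread; the function names are hypothetical and the addresses are the placeholder values from the question.

```python
import ipaddress

def is_aligned(cidr):
    """True if cidr has no host bits set, i.e. it names a real network."""
    try:
        ipaddress.IPv4Network(cidr, strict=True)
        return True
    except ValueError:
        return False

def closest_networks(cidr):
    """Aligned network containing the address, and the next one above it."""
    net = ipaddress.IPv4Interface(cidr).network
    nxt = ipaddress.IPv4Network(
        (int(net.network_address) + net.num_addresses, net.prefixlen))
    return str(net), str(nxt)

def overlapping_interfaces(interfaces):
    """Pairs of interface names whose subnets overlap.

    The reply states that every PIX interface must be on a different
    subnet, so any pair returned here is a configuration to reject.
    """
    nets = {n: ipaddress.IPv4Interface(a).network for n, a in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def widest_separating_prefix(addr_a, addr_b):
    """Shortest prefix length that puts the two addresses in different subnets."""
    a = int(ipaddress.IPv4Address(addr_a))
    b = int(ipaddress.IPv4Address(addr_b))
    if a == b:
        raise ValueError("identical addresses cannot be separated")
    # The highest differing bit must fall inside the network part of the mask.
    return 32 - (a ^ b).bit_length() + 1

if __name__ == "__main__":
    # Placeholder addresses taken from the question.
    print(is_aligned("1.1.1.0/20"))
    print(closest_networks("1.1.1.0/20"))
    print(overlapping_interfaces({"outside": "1.1.1.2/20", "inside": "1.1.1.81/20"}))
    print(widest_separating_prefix("1.1.1.2", "1.1.1.81"))
```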

  3. jonathan

    jonathan Guest

    Hi,

    The IP addresses were only used as an example as I don't want to publish my
    actual IPs here ;-)
    jonathan, Oct 27, 2003
    #3
  4. jonathan

    Memnoch Guest

    On Mon, 27 Oct 2003 09:49:17 +0200, "jonathan" <>
    wrote:

    >Hi,
    >
    >The IP addresses were only used as an example as I don't want to publish my
    >actual IPs here ;-)


    Presumably not the one published in the NNTP headers then? ;-)
    Memnoch, Oct 27, 2003
    #4
