pix 506 E config

Discussion in 'Cisco' started by deep, Apr 22, 2006.

  1. deep

    deep Guest

    Hi,


    I have to config the PIX firewall for just internet access.
    Now I am running my internet directly to public IPs but now with PIX
    506E.

    Please give me what config I have to do in my PIX as well as what change I
    will have to do in my router that is connected to internet through E1
    line.


    My current config of PIX is as


    PIX Version 6.3(4)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname PIX12tL
    domain-name shyam.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 59.144.164.33 255.255.255.0
    ip address inside 172.16.1.1 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 59.144.164.40 172.16.2.2 netmask 255.255.255.255 0 0



    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http 202.78.168.118 255.255.255.255 outside
    http 172.16.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet 172.16.1.0 255.255.255.0 inside
    telnet timeout 5
    ssh 202.78.168.118 255.255.255.255 outside
    route outside 0.0.0.0 0.0.0.0 59.144.164.1 1
    route inside 172.16.2.0 255.255.255.224 172.16.1.5 1
    route inside 172.16.3.0 255.255.255.224 172.16.1.5 1
    route inside 172.16.4.0 255.255.255.224 172.16.1.5 1

    ssh timeout 5
    console timeout 0
    username shyam password ZyD6kufF3mkoCa8R encrypted privilege 2
    terminal width 80
    Cryptochecksum:15a136f7cd824c5631dcb1438936b338
    : end
    deep, Apr 22, 2006
    #1

  2. In article <>,
    deep <> wrote:
    >I have to config the PIX firewall for just internet access.
    >Now I am running my internet directly to public IPs but now with PIX
    >506E.


    >Please give me what config I have to do in my PIX as well as what change I
    >will have to do in my router that is connected to internet through E1
    >line.


    I'm sorry, could you restate the problem? What is the difference
    between what you have now and the state you want?


    >My current config of PIX is as


    >PIX Version 6.3(4)


    >ip address outside 59.144.164.33 255.255.255.0
    >ip address inside 172.16.1.1 255.255.255.0


    >global (outside) 1 interface
    >nat (inside) 0 0.0.0.0 0.0.0.0 0 0
    >static (inside,outside) 59.144.164.40 172.16.2.2 netmask 255.255.255.255 0 0


    >route inside 172.16.2.0 255.255.255.224 172.16.1.5 1
    >route inside 172.16.3.0 255.255.255.224 172.16.1.5 1
    >route inside 172.16.4.0 255.255.255.224 172.16.1.5 1


    Currently, you have internal networks
    172.16.1.0-255,
    172.16.2.0-31,
    172.16.3.0-31,
    172.16.4.0-31
    and you have an internal router at 172.16.1.5 .

    Currently all of your traffic goes out through the public IP 59.144.164.33
    except for 172.16.2.2, which goes out as 59.144.164.40 .

    You do not allow any incoming connections from outside to inside.

    What is the new configuration that you would like?
    Walter Roberson, Apr 22, 2006
    #2

  3. deep

    NETADMIN Guest

    Hi deep,
    Can you post some clear information of the situation.
    And in your config the following parts are wrong, please correct this:

    >>global (outside) 1 interface
    >>nat (inside) 0 0.0.0.0 0.0.0.0 0 0


    It should be :
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0

    If you can give me a diagram, maybe I can help


    Rgrds....
    CK-NET
    NETADMIN, Apr 22, 2006
    #3
  4. It's not much clear from the given info ... but should be as

    ip address outside "public IP"

    ip address inside "IP of inside network"

    route outside 0.0.0.0 0.0.0.0 "Public IP" 1

    route inside 172.16.2.0 255.255.255.224 172.16.1.5 1
    route inside 172.16.3.0 255.255.255.224 172.16.1.5 1
    route inside 172.16.4.0 255.255.255.224 172.16.1.5 1

    global (outside) 1 interface
    Hemat Maheshwari, Apr 22, 2006
    #4
  5. In article <>,
    Hemat Maheshwari <> wrote:
    >It's not much clear from the given info ... but should be as


    >ip address outside "public IP"


    >ip address inside "IP of inside network"


    >route outside 0.0.0.0 0.0.0.0 "Public IP" 1


    Better is

    route outside 0.0.0.0 0.0.0.0 "Router IP" 1

    >route inside 172.16.2.0 255.255.255.224 172.16.1.5 1
    >route inside 172.16.3.0 255.255.255.224 172.16.1.5 1
    >route inside 172.16.4.0 255.255.255.224 172.16.1.5 1


    >global (outside) 1 interface


    nat (inside) 1 0.0.0.0 0.0.0.0
    Walter Roberson, Apr 23, 2006
    #5
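
An added example, not part of any post in the thread: a small Python check for the nat/global id pairing that posts #3 and #5 correct. It assumes PIX 6.x syntax as shown in post #1, where nat id 0 means no translation and any other nat id needs a global with the same id; the function name `audit_translation` and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the translation-related lines from the config in post #1.
SAMPLE_CONFIG = """\
ip address outside 59.144.164.33 255.255.255.0
ip address inside 172.16.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 59.144.164.40 172.16.2.2 netmask 255.255.255.255 0 0
"""

NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ")
ADDR_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)")


def audit_translation(config):
    """Return findings about nat/global pairing in a PIX 6.x style config."""
    nats, global_ids, if_addr = [], set(), {}
    for line in (l.strip() for l in config.splitlines()):
        if m := NAT_RE.match(line):
            prefix = bin(int(ipaddress.ip_address(m[4]))).count("1")
            net = ipaddress.ip_network(f"{m[3]}/{prefix}", strict=False)
            nats.append((m[1], int(m[2]), net))
        elif m := GLOBAL_RE.match(line):
            global_ids.add(int(m[2]))
        elif m := ADDR_RE.match(line):
            if_addr[m[1]] = ipaddress.ip_address(m[2])

    findings = []
    for iface, nat_id, net in nats:
        addr = if_addr.get(iface)
        if nat_id == 0:
            # Heuristic: nat id 0 disables translation, so if the interface's
            # own address is private and matched, private sources go out as-is.
            if addr is not None and addr.is_private and addr in net:
                findings.append(f"nat ({iface}) 0 {net}: private addresses leave untranslated")
        elif nat_id not in global_ids:
            findings.append(f"nat ({iface}) {nat_id} {net}: no global with id {nat_id}")
    used = {nat_id for _, nat_id, _ in nats}
    for gid in sorted(global_ids - used):
        findings.append(f"global id {gid}: no nat statement uses it")
    return findings


if __name__ == "__main__":
    for finding in audit_translation(SAMPLE_CONFIG):
        print(finding)
```

With the `nat (inside) 1 0.0.0.0 0.0.0.0` line from posts #3 and #5 substituted into the sample, the function returns no findings.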