Pix Help

Discussion in 'Cisco' started by StealthRider, Aug 6, 2007.

  1. StealthRider

    Hello everyone, I'm new to this forum and hope to gain a lot of info. I'm in need of help configuring my PIX. I have several machines behind the PIX that I'm trying to access from outside. The following is what I'm trying to access from the outside:

    access-list outside line 1 extended permit tcp any gt 1023 any eq ftp
    access-list outside line 4 extended permit tcp any gt 1023 any eq 8022
    access-list outside line 5 extended permit tcp any gt 1023 any eq 8443
    access-list outside line 6 extended permit tcp any gt 1023 any eq 81


    static (Intra,Outtra) tcp interface ftp 192.168.2.5 ftp netmask 255.255.255.255
    static (Intra,Outtra) tcp interface 8022 192.168.2.5 ssh netmask 255.255.255.255
    static (Intra,Outtra) tcp interface 8443 192.168.2.5 https netmask 255.255.255.255
    static (Intra,Outtra) tcp interface 81 192.168.2.5 www netmask 255.255.255.255

    Here is my config:

    PIX Version 7.2(2)
    !
    hostname Stealth
    domain-name default.domain.invalid
    enable password XXXXXXXXXXXXXXXXX encrypted
    names
    !
    interface Ethernet0
    nameif Outtra
    security-level 0
    ip address dhcp setroute
    !
    interface Ethernet1
    speed 100
    duplex full
    nameif Intra
    security-level 100
    ip address 192.168.2.11 255.255.255.0
    !
    interface Ethernet2
    shutdown
    no nameif
    no security-level
    no ip address
    !
    passwd XXXXXXXXXX encrypted
    ftp mode passive
    dns domain-lookup Outtra
    dns server-group DefaultDNS
    name-server 68.6.16.30
    name-server 68.6.16.25
    domain-name default.domain.invalid
    access-list outside line 1 extended permit tcp any gt 1023 any eq ftp
    access-list outside line 4 extended permit tcp any gt 1023 any eq 8022
    access-list outside line 5 extended permit tcp any gt 1023 any eq 8443
    access-list outside line 6 extended permit tcp any gt 1023 any eq 81
    access-list ping_acl extended permit ip any any

    pager lines 24
    mtu Outtra 1500
    mtu Intra 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image flash:/asdm-522.bin
    no asdm history enable
    arp timeout 14400
    global (Outtra) 1 interface
    nat (Intra) 1 192.168.2.0 255.255.255.0
    static (Intra,Outtra) tcp interface ftp 192.168.2.5 ftp netmask 255.255.255.255
    static (Intra,Outtra) tcp interface 8022 192.168.2.5 ssh netmask 255.255.255.255
    static (Intra,Outtra) tcp interface 8443 192.168.2.5 https netmask 255.255.255.255
    static (Intra,Outtra) tcp interface 81 192.168.2.5 www netmask 255.255.255.255
    access-group ping_acl in interface Outtra
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    username XXXXXXXXXX password XXXXXXXX encrypted
    aaa authentication http console LOCAL
    http server enable
    http 192.168.2.12 255.255.255.255 Intra
    http 192.168.2.0 255.255.255.0 Intra
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet timeout 5
    ssh 192.168.2.0 255.255.255.0 Intra
    ssh timeout 5
    console timeout 0
    dhcpd dns 68.6.16.30 68.6.16.25
    !
    dhcpd address 192.168.2.12-192.168.2.254 Intra
    dhcpd enable Intra
    !
    !
    class-map class_http
    match port tcp eq 81
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect http
    class class_http
    inspect http
    !
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:3d0ba0ebca72662c2a0e304fac55684a
    : end
     
    StealthRider, Aug 6, 2007
    #1
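
An added example, not part of the original post: a small Python audit over the configuration lines posted above. It lists access-lists that no `access-group` applies, and any list containing `permit ip any any` that is applied inbound on a security-level 0 interface. The names `audit` and `SAMPLE_CONFIG` are chosen here, and the sample is a constructed excerpt of the posted config.

```python
import re

# Constructed sample: relevant lines excerpted from the configuration posted above.
SAMPLE_CONFIG = """\
interface Ethernet0
nameif Outtra
security-level 0
interface Ethernet1
nameif Intra
security-level 100
access-list outside line 1 extended permit tcp any gt 1023 any eq ftp
access-list outside line 4 extended permit tcp any gt 1023 any eq 8022
access-list ping_acl extended permit ip any any
static (Intra,Outtra) tcp interface ftp 192.168.2.5 ftp netmask 255.255.255.255
access-group ping_acl in interface Outtra
"""

def audit(config):
    """Return (unbound_acls, open_bindings) for a PIX 7.x style config."""
    acls, levels, bindings, nameif = {}, {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "interface":
            nameif = None  # new interface block, name not seen yet
        elif tok[0] == "nameif" and len(tok) == 2:
            nameif = tok[1]
        elif tok[0] == "security-level" and nameif and len(tok) == 2:
            levels[nameif] = int(tok[1])
        elif tok[0] == "access-list" and len(tok) > 2:
            # Drop the optional "line N" and "extended" keywords to get the rule body.
            rule = re.sub(r"^(line \d+ )?(extended )?", "", " ".join(tok[2:]))
            acls.setdefault(tok[1], []).append(rule)
        elif tok[0] == "access-group" and len(tok) == 5 and tok[3] == "interface":
            bindings.append((tok[1], tok[2], tok[4]))  # (acl, direction, interface)
    unbound = sorted(set(acls) - {name for name, _, _ in bindings})
    open_bindings = sorted(
        (name, iface) for name, direction, iface in bindings
        if direction == "in" and levels.get(iface, 100) == 0
        and "permit ip any any" in acls.get(name, [])
    )
    return unbound, open_bindings

if __name__ == "__main__":
    unbound, open_bindings = audit(SAMPLE_CONFIG)
    for name in unbound:
        print(f"ACL '{name}' is defined but not applied by any access-group")
    for name, iface in open_bindings:
        print(f"ACL '{name}' permits ip any any inbound on '{iface}' (security-level 0)")
```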