PIX501 programming to pass outside IP addresses to inside servers

Discussion in 'Cisco' started by ed, Jun 16, 2004.

  1. ed

    ed Guest

    I need to pass http addressed to different ip's to different servers
    inside my PIX501.

    PIX Version 6.3(1)
    the PIX outside address is 207.xx.xx.5
    let's say I have IP addresses
    a. 207.xx.xx.7
    b. 207.xx.xx.4
    c. 207.xx.xx.11
    and web servers inside at
    a. 192.168.1.11
    b. 192.168.1.33
    c. 192.168.1.44

    a. is a test bed
    b. is production
    c. is development.
    so far I have not been able to pass anything to any one of them much
    less all three
    I know with a router I need to have subinterfaces to bind ip addresses
    to before I can route them but the PIX command line will not accept
    cntl-z or end when I try to conf t int e0.1 the gui seems to not let
    it through.

    looking at the running config i have

    access-list inbound permit tcp any host 207.xx.xx.4 eq www
    static (inside,outside) 207.xx.xx.4 192.168.1.33 netmask 255.255.255.255 0 0
    access-group inbound in interface outside
    pdm location 192.168.1.33 255.255.255.255 inside

    -what is pdm?-
    Thanks for any help you can give me
    my boss is breathing down my neck as the old firewall is dying and
    cuts off access to our websight.
     
    ed, Jun 16, 2004
    #1

  2. News Account

    News Account Guest

    "ed" <> wrote in message
    news:...
    > I need to pass http addressed to different ip's to different servers
    > inside my PIX501.
    >
    > PIX Version 6.3(1)
    > the PIX outside address is 207.xx.xx.5
    > lets say I have ip addresses
    > a. 207.xx.xx.7
    > b. 207.xx.xx.4
    > c. 207.xx.xx.11
    > and web servers inside at
    > a. 192.168.1.11
    > b. 192.168.1.33
    > c. 192.168.1.44
    >
    > a.is a test bed
    > b. is production
    > c. is development.
    > so far I have not been able to pass anything to any one of them much
    > less all three
    > I know with a router I need to have subinterfaces to bind ip addresses
    > to before I can route them but the PIX command line will not accept
    > cntl-z or end when I try to conf t int e0.1 the gui seems to not let
    > it through.
    >
    > looking at the running config i have
    >
    > access-list inbound permit tcp any host 207.xx.xx.4 eq www
    > static (inside,outside) 207.xx.xx.4 192.168.1.33 netmask 255.255.255.255 0 0


    So add the following PAT statements...

    access-list inbound permit tcp any host 207.xx.xx.7 eq www
    static (inside,outside) 207.xx.xx.7 192.168.1.11 netmask 255.255.255.255
    access-list inbound permit tcp any host 207.xx.xx.11 eq www
    static (inside,outside) 207.xx.xx.11 192.168.1.44 netmask 255.255.255.255


    > access-group inbound in interface outside
    > pdm location 192.168.1.33 255.255.255.255 inside
    >
    > -what is pdm?-


    It's the PIX Device Manager - a graphical interface for
    administration/configuration. The statement above tells the PIX where the
    192.168.1.33 device is located.

    > Thanks for any help you can give me
    > my boss is breathing down my neck as the old firewall is dieing and
    > cuts off access to our websight.


    Good luck hopefully you can regain your sight of your website!

    Don Woodward
     
    News Account, Jun 16, 2004
    #2

  3. ed

    ed Guest

    Thanks Don, but it still won't work, so I am posting the actual running
    config so you can look and see what is wrong. I am trying to get
    outside ip .4 to go to inside ip .21



    Building configuration...
    : Saved
    :
    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pix
    domain-name targetlogistics.com
    clock timezone PST -8
    clock summer-time PDT recurring
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    names
    name 192.168.1.80 pc80
    access-list inbound permit tcp any host 207.xx.xx.4 eq www
    access-list inbound permit tcp any host 207.xx.xx.4 eq https
    access-list 101 permit icmp any host 207.xx.xx.5 echo-reply
    access-list 101 permit icmp any host 207.xx.xx.5 source-quench
    access-list 101 permit icmp any host 207.xx.xx.5 unreachable
    access-list 101 permit icmp any host 207.xx.xx.5 time-exceeded
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 207.xx.xx.5 255.255.255.192
    ip address inside 192.168.1.10 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location pc80 255.255.255.255 inside
    pdm location 192.168.1.33 255.255.255.255 inside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 207.xx.xx.4 192.168.1.33 netmask 255.255.255.255 0 0
    access-group 101 in interface outside
    route outside 0.0.0.0 0.0.0.0 207.xx.xx.1 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.47-192.168.1.98 inside
    dhcpd dns 198.6.100.25 198.6.1.195
    dhcpd wins 192.168.1.11 192.168.1.46
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd domain targetlogistics.com
    dhcpd auto_config outside
    dhcpd enable inside
    terminal width 80
    Cryptochecksum:faed45ac7bc543452c78585a1555034e
    : end
    [OK]
     
    ed, Jun 17, 2004
    #3
  4. In article <>,
    ed <> wrote:
    :Thanks Don but it still won't work so i am posting the actual running
    :config so you can look and see what is wrong I am trying to get
    :outside ip .4 to go to inside ip .21

    :PIX Version 6.3(1)

    :access-list inbound permit tcp any host 207.xx.xx.4 eq www
    :access-list inbound permit tcp any host 207.xx.xx.4 eq https
    :access-list 101 permit icmp any host 207.xx.xx.5 echo-reply
    :access-list 101 permit icmp any host 207.xx.xx.5 source-quench
    :access-list 101 permit icmp any host 207.xx.xx.5 unreachable
    :access-list 101 permit icmp any host 207.xx.xx.5 time-exceeded

    :ip address outside 207.xx.xx.5 255.255.255.192
    :ip address inside 192.168.1.10 255.255.255.0

    :global (outside) 1 interface
    :nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    :static (inside,outside) 207.xx.xx.4 192.168.1.33 netmask 255.255.255.255 0 0

    But right there you've said that everything to .4 should go to
    internal IP .33, not .21.

    :access-group 101 in interface outside

    You can only have one access-group in on any interface, and the
    access-group you've chosen is the one that just has to do with icmp
    to .5 . To reach .4 you would need

    access-group inbound in interface outside

    --
    csh is bad drugs.
     
    Walter Roberson, Jun 17, 2004
    #4
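The check described in the reply above, as an added example that is not part of the original thread: a short Python script that reads PIX 6.x config lines and reports access-lists that no `access-group` applies, and `static` translations whose outside address has no TCP permit in the ACL bound to that interface. The function names and the two sample configs are constructed here from lines posted in the thread; only `permit ... any host <ip>` entries are understood.

```python
import re

# Constructed sample: the relevant lines of the running config posted in #3.
BROKEN = """\
access-list inbound permit tcp any host 207.xx.xx.4 eq www
access-list inbound permit tcp any host 207.xx.xx.4 eq https
access-list 101 permit icmp any host 207.xx.xx.5 echo-reply
access-list 101 permit icmp any host 207.xx.xx.5 time-exceeded
static (inside,outside) 207.xx.xx.4 192.168.1.33 netmask 255.255.255.255 0 0
access-group 101 in interface outside
"""

# Constructed sample: the same lines as they stand in the config posted in #6.
MERGED = """\
access-list 101 permit icmp any host 207.xx.xx.5 echo-reply
access-list 101 permit tcp any host 207.xx.xx.4 eq www
access-list 101 permit tcp any host 207.xx.xx.4 eq https
static (inside,outside) 207.xx.xx.4 192.168.1.21 netmask 255.255.255.255 0 0
access-group 101 in interface outside
"""

PERMIT_RE = re.compile(r"access-list (\S+) permit (\S+) any host (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")
STATIC_RE = re.compile(r"static \((\S+),(\S+)\) (.+?) netmask ")


def parse(config):
    """Collect permits per ACL, the ACL bound to each interface, and statics."""
    acls, bound, statics, unparsed = {}, {}, [], []
    for line in config.splitlines():
        line = line.strip()
        if m := PERMIT_RE.match(line):
            name, proto, host = m.groups()
            acls.setdefault(name, []).append((proto, host))
        elif m := GROUP_RE.match(line):
            # One inbound ACL per interface: a later access-group replaces it.
            bound[m.group(2)] = m.group(1)
        elif m := STATIC_RE.match(line):
            fields = m.group(3).split()
            if fields[0] in ("tcp", "udp") and len(fields) == 5:
                # Port redirection: proto global_ip global_port local_ip local_port
                statics.append((m.group(2), fields[1], fields[3]))
            elif len(fields) == 2:
                # One-to-one translation: global_ip local_ip
                statics.append((m.group(2), fields[0], fields[1]))
            else:
                unparsed.append(line)
    return acls, bound, statics, unparsed


def audit(config):
    """Return findings for inbound web traffic a static expects but no ACL allows."""
    acls, bound, statics, unparsed = parse(config)
    findings = []
    for name in acls:
        if name not in bound.values():
            findings.append(f"access-list {name} is not applied by any access-group")
    for iface, global_ip, local_ip in statics:
        acl = bound.get(iface)
        hosts = {host for proto, host in acls.get(acl, []) if proto in ("tcp", "ip")}
        if global_ip not in hosts:
            findings.append(
                f"static {global_ip} -> {local_ip}: ACL {acl} on {iface} "
                f"has no tcp permit to {global_ip}")
    findings += [f"static not understood by this check: {s}" for s in unparsed]
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted in #3", BROKEN), ("posted in #6", MERGED)):
        print(label, audit(cfg) or "no findings")
```
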
  5. News Account

    News Account Guest

    See below...

    I don't have static addresses here but hopefully this should work.

    Don Woodward

    "ed" <> wrote in message
    news:...
    > Thanks Don but it still won't work so i am posting the actual running
    > config so you can look and see what is wrong I am trying to get
    > outside ip .4 to go to inside ip .21
    >
    >
    >
    > Building configuration...
    > : Saved
    > :
    > PIX Version 6.3(1)
    > interface ethernet0 auto
    > interface ethernet1 100full
    > nameif ethernet0 outside security0
    > nameif ethernet1 inside security100
    > enable password 8Ry2YjIyt7RRXU24 encrypted
    > passwd 2KFQnbNIdI.2KYOU encrypted
    > hostname pix
    > domain-name targetlogistics.com
    > clock timezone PST -8
    > clock summer-time PDT recurring
    > fixup protocol ftp 21
    > fixup protocol h323 h225 1720
    > fixup protocol h323 ras 1718-1719
    > fixup protocol http 80
    > fixup protocol ils 389
    > fixup protocol rsh 514
    > fixup protocol rtsp 554
    > fixup protocol sip 5060
    > fixup protocol sip udp 5060
    > fixup protocol skinny 2000
    > fixup protocol smtp 25
    > fixup protocol sqlnet 1521
    > names
    > name 192.168.1.80 pc80


    > access-list inbound permit tcp any host 207.xx.xx.4 eq www
    > access-list inbound permit tcp any host 207.xx.xx.4 eq https


    The two lines above were never applied to an interface - make them part of
    "access-list 101" since it is applied to the outside interface.

    > access-list 101 permit icmp any host 207.xx.xx.5 echo-reply
    > access-list 101 permit icmp any host 207.xx.xx.5 source-quench
    > access-list 101 permit icmp any host 207.xx.xx.5 unreachable
    > access-list 101 permit icmp any host 207.xx.xx.5 time-exceeded
    > pager lines 24
    > mtu outside 1500
    > mtu inside 1500
    > ip address outside 207.xx.xx.5 255.255.255.192
    > ip address inside 192.168.1.10 255.255.255.0
    > ip audit info action alarm
    > ip audit attack action alarm
    > pdm location pc80 255.255.255.255 inside
    > pdm location 192.168.1.33 255.255.255.255 inside
    > pdm logging informational 100
    > pdm history enable
    > arp timeout 14400
    > global (outside) 1 interface
    > nat (inside) 1 0.0.0.0 0.0.0.0 0 0


    > static (inside,outside) 207.xx.xx.4 192.168.1.33 netmask 255.255.255.255 0 0

    The line above you are mapping .4 to .33 - why not this instead ...

    static (inside,outside) 207.xx.xx.4 www 192.168.1.21 www netmask 255.255.255.255
    static (inside,outside) 207.xx.xx.4 https 192.168.1.21 https netmask 255.255.255.255

    > > access-group 101 in interface outside


    Keep the above line and make changes to "access-list inside" above

    > route outside 0.0.0.0 0.0.0.0 207.xx.xx.1 1


    Is .1 the next hop router upstream?

    > timeout xlate 0:05:00
    > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    > timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    > timeout uauth 0:05:00 absolute
    > aaa-server TACACS+ protocol tacacs+
    > aaa-server RADIUS protocol radius
    > aaa-server LOCAL protocol local
    > http server enable
    > http 192.168.1.0 255.255.255.0 inside
    > no snmp-server location
    > no snmp-server contact
    > snmp-server community public
    > no snmp-server enable traps
    > floodguard enable
    > telnet timeout 5
    > ssh timeout 5
    > console timeout 0
    > dhcpd address 192.168.1.47-192.168.1.98 inside
    > dhcpd dns 198.6.100.25 198.6.1.195
    > dhcpd wins 192.168.1.11 192.168.1.46
    > dhcpd lease 3600
    > dhcpd ping_timeout 750
    > dhcpd domain targetlogistics.com
    > dhcpd auto_config outside
    > dhcpd enable inside
    > terminal width 80
    > Cryptochecksum:faed45ac7bc543452c78585a1555034e
    > : end
    > [OK]
     
    News Account, Jun 17, 2004
    #5
  6. ed

    ed Guest

    "News Account" <> wrote in message news:<CQjAc.24535$>...
    > See below...
    >
    > I don't have static addresses here but hopefully this should work.
    >
    > Don Woodward
    > > access-list inbound permit tcp any host 207.xx.xx.4 eq www
    > > access-list inbound permit tcp any host 207.xx.xx.4 eq https

    >
    > The two lines above were never applied to an interface - make them part of
    > "access-list 101" since it is applied to the outside interface.
    > > static (inside,outside) 207.xx.xx.4 192.168.1.33 netmask 255.255.255.255 0 0


    Done

    >
    > The line above you are mapping .4 to .33 - why not this instead ...
    >

    ok but static failed with the www's in there so I did it the original
    way

    > static (inside,outside) 207.xx.xx.4 www 192.168.1.21 www netmask 255.255.255.255
    > static (inside,outside) 207.xx.xx.4 https 192.168.1.21 https netmask 255.255.255.255
    >
    > > > access-group 101 in interface outside

    >
    > Keep the above line and make changes to "access-list inside" above
    >

    Done

    > > route outside 0.0.0.0 0.0.0.0 207.xx.xx.1 1

    >
    > Is .1 the next hop router upstream?
    >

    yes it is the next hop


    Now 207.xx.xx.4 will not get me to 192.xx.xxx.21.
    It is like the PIX is NOT listening to 207.xx.xx.4 at all. Do I need
    another ipaddress outside 207.xx.xx.4? As I said before, with regular
    routers I would need to have int e0/0.1 to bind another address to the
    interface.
    I am sorry but this PIX501 is not cooperating.
    Here is the current config:
    Building configuration...
    : Saved
    :
    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname pix
    domain-name targetlogistics.com
    clock timezone PST -8
    clock summer-time PDT recurring
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    names
    name 192.168.1.80 pc80
    access-list 101 permit icmp any host 207.xx.xx.5 echo-reply
    access-list 101 permit icmp any host 207.xx.xx.5 source-quench
    access-list 101 permit icmp any host 207.xx.xx.5 unreachable
    access-list 101 permit icmp any host 207.xx.xx.5 time-exceeded
    access-list 101 permit tcp any host 207.xx.xx.4 eq www
    access-list 101 permit tcp any host 207.xx.xx.4 eq https
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside 207.xx.xx.5 255.255.255.192
    ip address inside 192.168.1.10 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location pc80 255.255.255.255 inside
    pdm location 192.168.1.33 255.255.255.255 inside
    pdm location 192.168.1.21 255.255.255.255 inside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 207.xx.xx.4 192.168.1.21 netmask 255.255.255.255 0 0
    access-group 101 in interface outside
    route outside 0.0.0.0 0.0.0.0 207.xx.xx.1 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.47-192.168.1.98 inside
    dhcpd dns 198.6.100.25 198.6.1.195
    dhcpd wins 192.168.1.11 192.168.1.46
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd domain targetlogistics.com
    dhcpd auto_config outside
    dhcpd enable inside
    terminal width 80
    Cryptochecksum:faed45ac7bc543452c78585a1555034e
    : end
    [OK]
     
    ed, Jun 22, 2004
    #6
  7. News Account

    News Account Guest

    This should be adaptable to do what you want...

    http://www.cisco.com/en/US/products...s_configuration_example09186a0080094ea2.shtml

    just utilize your interface settings.

    Don Woodward
     
    News Account, Jun 23, 2004
    #7