Cisco PIX Need Help

Discussion in 'Cisco' started by Birubiru, Jul 22, 2003.

  1. Birubiru

    Birubiru Guest

    Hi! First, sorry for my bad English!
    I need help to find out a problem I have with a Cisco PIX. I don't trust my ISP.
    Here I post my configuration. Until 2 weeks ago only the IPs in the configuration were
    trusted for access to the Internet; right now I can access the Internet with all IP
    addresses. Is there a hole in the PIX configuration, or do I need to look for a
    different problem in my LAN?

    Thx in advance


    : Saved
    :
    PIX Version 5.1(5)
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 dmz security50
    nameif ethernet3 wan security60
    hostname xxxx-pix
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 1720
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    no names
    pager lines 24
    logging on
    logging timestamp
    no logging standby
    no logging console
    no logging monitor
    no logging buffered
    logging trap debugging
    logging history warnings
    logging facility 23
    logging queue 512
    logging host inside 150.1.1.15
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    interface ethernet3 auto shutdown
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    mtu wan 1500
    ip address outside 194.185.95.62 255.255.255.224
    ip address inside 150.1.100.50 255.255.0.0
    ip address dmz 172.16.2.1 255.255.255.0
    ip address wan 127.0.0.1 255.255.255.255
    no failover
    failover timeout 0:00:00
    failover ip address outside 0.0.0.0
    failover ip address inside 0.0.0.0
    failover ip address dmz 0.0.0.0
    failover ip address wan 0.0.0.0
    arp timeout 1400
    global (outside) 1 194.185.49.194-194.185.49.254 netmask 255.255.255.128
    global (outside) 1 194.185.49.193 netmask 255.255.255.128
    global (dmz) 1 172.16.253.1-172.16.253.254 netmask 255.255.255.0
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
    static (dmz,outside) 194.185.49.130 172.16.2.2 netmask 255.255.255.255 0 0
    static (dmz,outside) 194.185.49.131 172.16.2.3 netmask 255.255.255.255 0 0
    static (dmz,outside) 194.185.49.132 172.16.2.4 netmask 255.255.255.255 0 0
    static (inside,dmz) 172.16.253.1 150.1.1.11 netmask 255.255.255.255 0 0
    static (inside,dmz) 172.16.253.2 150.1.1.8 netmask 255.255.255.255 0 0
    static (inside,outside) 194.185.49.135 150.1.200.1 netmask 255.255.255.255 0 0
    static (inside,outside) 194.185.49.136 150.1.1.22 netmask 255.255.255.255 0 0
    static (inside,outside) 194.185.95.34 150.1.1.26 netmask 255.255.255.255 0 0
    static (inside,outside) 194.185.95.35 150.1.1.28 netmask 255.255.255.255 0 0
    static (inside,dmz) 172.16.253.3 150.1.1.28 netmask 255.255.255.255 0 0
    conduit permit tcp host 194.185.49.131 eq www any
    conduit permit tcp host 194.185.49.130 eq smtp any
    conduit permit tcp host 194.185.49.132 eq www any
    no conduit permit tcp host 194.185.95.35 eq smtp any
    conduit permit icmp any any echo-reply
    conduit permit icmp any any unreachable
    conduit permit icmp any any time-exceeded
    conduit permit icmp any any parameter-problem
    conduit permit udp any gt 1024 host 194.20.8.4 eq domain
    conduit permit udp any gt 1024 host 194.20.8.1 eq domain
    conduit permit tcp host 194.185.95.34 eq ftp host 195.31.157.130
    conduit permit tcp host 194.185.95.34 eq ftp host 195.31.157.144
    outbound 10 permit 150.1.10.62 255.255.255.255 0 ip
    outbound 10 permit 150.1.100.58 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.23 255.255.255.255 0 ip
    outbound 10 permit 150.1.1.199 255.255.255.255 0 ip
    outbound 10 permit 150.1.12.70 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.17 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.38 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.40 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.67 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.64 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.50 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.130 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.7 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.45 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.20 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.21 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.22 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.23 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.24 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.25 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.26 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.27 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.28 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.29 255.255.255.255 0 ip
    outbound 10 permit 0.0.0.0 0.0.0.0 25 tcp
    outbound 10 permit 0.0.0.0 0.0.0.0 110 tcp
    outbound 10 permit 0.0.0.0 0.0.0.0 53 udp
    outbound 10 permit 0.0.0.0 0.0.0.0 0 icmp
    outbound 10 permit 150.1.10.10 255.255.255.255 0 ip
    outbound 10 permit 150.1.1.201 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.89 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.122 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.74 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.111 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.18 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.93 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.99 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.53 255.255.255.255 0 ip
    outbound 10 permit 150.1.1.23 255.255.255.255 0 ip
    outbound 10 permit 150.1.0.160 255.255.255.255 0 ip
    outbound 10 permit 150.1.1.1 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.70 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.201 255.255.255.255 0 ip
    outbound 10 permit 150.1.1.28 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.4 255.255.255.255 0 ip
    outbound 10 permit 150.1.1.22 255.255.255.255 0 ip
    outbound 10 permit 150.1.20.20 255.255.255.255 21 tcp
    outbound 10 permit 150.1.11.103 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.76 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.77 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.3 255.255.255.255 0 ip
    outbound 10 permit 150.1.11.111 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.20 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.90 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.14 255.255.255.255 0 ip
    outbound 10 permit 150.1.10.31 255.255.255.255 0 ip
    outbound 10 permit 150.1.3.50 255.255.255.255 0 ip
    outbound 10 deny 0.0.0.0 0.0.0.0 0 ip
    apply (inside) 10 outgoing_src
    route outside 0.0.0.0 0.0.0.0 194.185.95.33 1
    route inside 172.16.0.0 255.255.255.0 150.1.0.2 1
    route inside 172.16.3.0 255.255.255.0 150.1.0.1 1
    route inside 172.16.4.0 255.255.255.0 150.1.0.1 1
    route inside 172.16.5.0 255.255.255.0 150.1.0.1 1
    route inside 172.16.6.0 255.255.255.0 150.1.0.1 1
    route inside 172.16.7.0 255.255.255.0 150.1.0.1 1
    route inside 172.16.8.0 255.255.255.0 150.1.0.1 1
    route inside 172.16.200.0 255.255.255.0 150.1.200.1 1
    route inside 192.168.0.0 255.255.0.0 150.1.0.1 1
    route inside 172.20.0.0 255.255.255.0 150.1.0.2 1
    route inside 195.1.0.0 255.255.255.0 150.1.0.2 1
     
    Birubiru, Jul 22, 2003
    #1
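
An added example, not part of the original post: a small Python audit of the `outbound 10` list and its `apply (inside) 10 outgoing_src` line, showing which traffic the configuration as posted allows from a given inside host. It assumes PIX evaluates `outbound` rules by best match (longest mask, then narrowest port range, permit winning ties), that `ip` covers every protocol, and that traffic matching no rule is permitted; the function names are illustrative.

```python
import ipaddress
import re

# Subset of the posted configuration (most per-host permit lines trimmed).
CONFIG = """\
outbound 10 permit 150.1.10.62 255.255.255.255 0 ip
outbound 10 permit 150.1.20.20 255.255.255.255 21 tcp
outbound 10 permit 0.0.0.0 0.0.0.0 25 tcp
outbound 10 permit 0.0.0.0 0.0.0.0 110 tcp
outbound 10 permit 0.0.0.0 0.0.0.0 53 udp
outbound 10 permit 0.0.0.0 0.0.0.0 0 icmp
outbound 10 deny 0.0.0.0 0.0.0.0 0 ip
apply (inside) 10 outgoing_src
"""

RULE = re.compile(r"outbound (\d+) (permit|deny) (\S+) (\S+) (\d+)(?:-(\d+))? (\w+)$")
APPLY = re.compile(r"apply \((\w+)\) (\d+) (outgoing_src|outgoing_dest)$")

def parse(text):
    rules, applied = [], set()
    for line in map(str.strip, text.splitlines()):
        if m := RULE.match(line):
            lid, action, ip, mask, lo, hi, proto = m.groups()
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            # Port 0 means "all ports"; "a-b" is a range; otherwise one port.
            ports = (0, 65535) if lo == "0" else (int(lo), int(hi or lo))
            rules.append((lid, action, net, ports, proto))
        elif m := APPLY.match(line):
            applied.add((m.group(1), m.group(2), m.group(3)))
    return rules, applied

def decide(rules, applied, iface, src, proto, port=0):
    """Verdict for traffic from host `src` arriving on `iface` (outgoing_src lists only)."""
    src, best = ipaddress.ip_address(src), None
    for lid, action, net, (lo, hi), rproto in rules:
        if (iface, lid, "outgoing_src") not in applied or src not in net:
            continue  # a list that is never applied has no effect
        if rproto not in ("ip", proto) or (proto in ("tcp", "udp") and not lo <= port <= hi):
            continue
        # Assumed best-match order: longest mask, narrowest port range, permit wins ties.
        key = (net.prefixlen, lo - hi, action == "permit")
        if best is None or key > best[0]:
            best = (key, action)
    return best[1] if best else "permit"  # assumed default when nothing matches

def audit(src, checks=(("tcp", 80), ("tcp", 25), ("tcp", 110), ("udp", 53), ("icmp", 0))):
    """Map each (proto, port) check to the verdict for `src` on the inside interface."""
    rules, applied = parse(CONFIG)
    return {c: decide(rules, applied, "inside", src, *c) for c in checks}
```

Under these assumptions, `audit("150.1.10.99")` (a constructed address that is not in the list) yields `deny` for tcp/80 but `permit` for tcp/25, tcp/110, udp/53 and icmp, so the any-source SMTP, POP3, DNS and ICMP rules are the only outbound paths this list opens to unlisted hosts.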