Pix 506 Configuration

asafayan — Fri, 21 Feb 2020 09:47:15 GMT

I have a Pix 506 that I'm trying to intergrated as a perimeter firewall.

I've looked over the config and see no issues yet I can never get any inbound web services to function off of any of the static NAT statements.

Both outside and inside interfaces go up/up and run clean - although the outside interface does attach to a hub at 10 / half.

sh run

: Saved

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 uunet security0

nameif ethernet1 inside security100

enable password xxxx

passwd xxxx

hostname xxxxxx

domain-name xxxxxxx

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list uunet_in permit ip any any

access-list uunet_in permit icmp any any

access-list inside_out permit ip any any

access-list inside_out permit icmp any any

pager lines 24

mtu uunet 1500

mtu inside 1500

ip address uunet 1.2.3.2 255.255.255.0

ip address inside 10.2.0.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

global (uunet) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,uunet) 1.2.3.11 10.2.0.11 netmask 255.255.255.255 0 0

static (inside,uunet) 1.2.3.12 10.2.0.12 netmask 255.255.255.255 0 0

static (inside,uunet) 1.2.3.13 10.2.0.13 netmask 255.255.255.255 0 0

access-group uunet_in in interface uunet

access-group inside_out in interface inside

route uunet 0.0.0.0 0.0.0.0 1.2.3.1 1

route inside 10.2.0.1 255.255.255.255 10.2.0.200 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

: end

Re: Pix 506 Configuration

gecko2207 — Mon, 12 Nov 2007 19:51:07 GMT

Can you access the internet from inside? Also, where are you trying to access the outside IPs from? Are you plugged into the hub in front of the firewall or are you on the inside network trying to access via the public IPs?

Thanks,

Brandon

Re: Pix 506 Configuration

asafayan — Mon, 12 Nov 2007 20:07:10 GMT

Internal access to the web wouldn't work b/c DNS would fail when I would integrate this firewall. It would instantly start working when I try the original firewall that his one is replacing.

External access was attemped from another Internet connection - not the hub.

Re: Pix 506 Configuration

gecko2207 — Mon, 12 Nov 2007 20:30:15 GMT

Can you ping the external IPs from the Internet when the PIX is plugged in? They are the same IPs as on the old firewall correct?

Re: Pix 506 Configuration

asafayan — Tue, 13 Nov 2007 19:40:28 GMT

The external IPs aren't pingable and they match exactly the previous firewall's IPs.

I was wondering if it might be the ARP cache on the edge router sitting in front of the firewall. I did ping from the firewall to the inside interface of the edge router successfully.

topic Re: Pix 506 Configuration in Network Security

Pix 506 Configuration

Re: Pix 506 Configuration

Re: Pix 506 Configuration

Re: Pix 506 Configuration

Re: Pix 506 Configuration