topic Re: configuring pix firewall in Network Security

configuring pix firewall

ciscomoon — Fri, 21 Feb 2020 08:35:46 GMT

Hello everybody. I need help

I have taken connection from ISP the ISP provided us VERILINK router our internet is working fine.

I have purchased Pix firewall i would like to use PIX firewall on my network. Can anyone provide me the configuration to connect to the internet.

Please note: PPPoe authentication is not required for this network. Because the cable is directly comming from the ISP. My current location is Australia.

Please reply asap.

Thanks

Re: configuring pix firewall

spremkumar — Thu, 15 Dec 2005 12:54:49 GMT

Which PIX F/W model you have got for your network over there ?

Are you gonna directly connect the link from SP and assign a static ip to the PIX outside interface ??

i would suggest to refer these links to get started...

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094768.shtml

http://cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

regds

Re: configuring pix firewall

ciscomoon — Thu, 15 Dec 2005 13:04:16 GMT

Cable directly comming from the ISP

Pix version: 6.3(4)

====================================================

Currently Using the below config but not connecting to the internet

====================================================

vpdn group VPN accept dialin pptp

vpdn group VPN ppp authentication mschap

vpdn group VPN ppp encryption mppe 40

vpdn group VPN client configuration address local VPNPool

vpdn group VPN pptp echo 60

vpdn group VPN client authentication local

=====================================================

Any Suggestions

Thanks

Re: configuring pix firewall

spremkumar — Thu, 15 Dec 2005 13:52:51 GMT

I m bit puzzled about the original post and the config pasted here.

you have got a PIX firewall connecting to the local ISP.

you have a local LAN behind that and you want to enable access to the internet for the local lan ?

is that the scenario u r tyring or planning to have out there ?

The configs posted here clearly tells that you trying to allow PPTP connections to ur PIX from the remote locations..is that the scneario you are trying out there ??

regds

Re: configuring pix firewall

ciscomoon — Thu, 15 Dec 2005 13:59:12 GMT

I oplogise i posted the wrong command.

Re: configuring pix firewall

jackko — Fri, 16 Dec 2005 00:55:05 GMT

not sure what the issue is.

you mentioned the isp-link can be directly connected to the pix outside interface. so you can issue the command "ip address outside x.x.x.x 255.255.255.x" etc.

if further assistance is needed, please post the entire config with public ip masked.

Re: configuring pix firewall

ciscomoon — Fri, 16 Dec 2005 10:28:13 GMT

Firstly thanks for helping.

I have tried it didnt work.

I have spoken to ISP they have provided following information.

1. 2 public IP (1 Public IP is for ISP router-61.29.12.xx and another public IP is for PIX-61.29.30.xx default gateway 61.29.30.xxx)

2. The ISP also asking to configure default gateway in PIX

====================================================

Here is the current config

====================================================

PIX Version 6.3(4)

interface ethernet0 auto shutdown

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxx

passwd xxxx

hostname rafay

domain-name wasay

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside 61.29.3x.xx 255.255.255.252

ip address inside 192.168.2.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

no failover ip address outside

no failover ip address inside

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 61.29.12.xx 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 192.168.2.254 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:xxxx

: end

rafay(config)#

====================================================

I am not connecting to the internet via PIX

Re: configuring pix firewall

sdwilliams2005 — Tue, 27 Dec 2005 19:11:28 GMT

Are you still having issues? To clarify you have the following setup?

ISP Router

61.29.12.xx

Want to ADD PIX

LAN (current working internet usage) without PIX

How is the PIX connected to ISP router?

How is the LAN connected to the PIX?

What Default Gateway/Proxy server address are you using?