<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: PIX 515E in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/pix-515e/m-p/390614#M554696</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;1) There are several ways to accomplish this task.  The easiest way to accomplish this is to use the static command like this:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;static (dmz,outside) 1.2.3.4 1.2.3.4&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;**where 1.2.3.4 is the address you have assigned to the public interface on the 3030&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2) Add the following lines:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;access-list ACL-IN permit udp any host 1.2.3.4 eq 500&lt;/P&gt;&lt;P&gt;access-list ACL-IN permit esp any host 1.2.3.4&lt;/P&gt;&lt;P&gt;access-list ACL-IN permit tcp any host 1.2.3.4 eq 443&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;**again, where 1.2.3.4 is the address assigned to the public interface on the 3030&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Scott&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Fri, 19 Nov 2004 03:20:52 GMT</pubDate>
    <dc:creator>scoclayton</dc:creator>
    <dc:date>2004-11-19T03:20:52Z</dc:date>
    <item>
      <title>PIX 515E</title>
      <link>https://community.cisco.com/t5/network-security/pix-515e/m-p/390613#M554694</link>
      <description>&lt;P&gt;I have two questions, and will appreciate a quick response.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have a VPN 3030 connected on a DMZ Interface via public address.  We put the VPN 3030 behind PIX for added security.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;1) What kind of address translation do I need to allow VPN users coming from PIX outside interface to the inside network via DMZ interface.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2) How do I allow IPSEC and HTTPS traffic to be allowed via PIX.  Note:  VPN 3030 is the actual box where all the IPSEC configuration will take place.  PIX just has to allow it.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Can someone shed some light on it.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;See below the config as well.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;------------------------------------&lt;/P&gt;&lt;P&gt;PIX Version 6.3(3)&lt;/P&gt;&lt;P&gt;interface ethernet0 100full&lt;/P&gt;&lt;P&gt;interface ethernet1 100full&lt;/P&gt;&lt;P&gt;interface ethernet2 100full&lt;/P&gt;&lt;P&gt;interface ethernet3 auto shutdown&lt;/P&gt;&lt;P&gt;interface ethernet4 auto shutdown&lt;/P&gt;&lt;P&gt;interface ethernet5 auto shutdown&lt;/P&gt;&lt;P&gt;nameif ethernet0 outside security0&lt;/P&gt;&lt;P&gt;nameif ethernet1 inside security100&lt;/P&gt;&lt;P&gt;nameif ethernet2 DMZ1 security99&lt;/P&gt;&lt;P&gt;nameif ethernet3 intf3 security6&lt;/P&gt;&lt;P&gt;nameif ethernet4 intf4 security8&lt;/P&gt;&lt;P&gt;nameif ethernet5 intf5 security10&lt;/P&gt;&lt;P&gt;enable password xxxx&lt;/P&gt;&lt;P&gt;passwd xxxx&lt;/P&gt;&lt;P&gt;hostname D000FWA01&lt;/P&gt;&lt;P&gt;fixup protocol dns maximum-length 512&lt;/P&gt;&lt;P&gt;fixup protocol ftp 21&lt;/P&gt;&lt;P&gt;fixup protocol h323 h225 1720&lt;/P&gt;&lt;P&gt;fixup protocol h323 ras 1718-1719&lt;/P&gt;&lt;P&gt;fixup protocol http 80&lt;/P&gt;&lt;P&gt;fixup protocol rsh 514&lt;/P&gt;&lt;P&gt;fixup protocol rtsp 554&lt;/P&gt;&lt;P&gt;fixup protocol sip 5060&lt;/P&gt;&lt;P&gt;fixup protocol sip udp 5060&lt;/P&gt;&lt;P&gt;fixup protocol skinny 2000&lt;/P&gt;&lt;P&gt;fixup protocol smtp 25&lt;/P&gt;&lt;P&gt;fixup protocol sqlnet 1521&lt;/P&gt;&lt;P&gt;fixup protocol tftp 69&lt;/P&gt;&lt;P&gt;names&lt;/P&gt;&lt;P&gt;access-list ACL-IN permit icmp any any&lt;/P&gt;&lt;P&gt;pager lines 24&lt;/P&gt;&lt;P&gt;mtu outside 1500&lt;/P&gt;&lt;P&gt;mtu inside 1500&lt;/P&gt;&lt;P&gt;mtu DMZ1 1500&lt;/P&gt;&lt;P&gt;mtu intf3 1500&lt;/P&gt;&lt;P&gt;mtu intf4 1500&lt;/P&gt;&lt;P&gt;mtu intf5 1500&lt;/P&gt;&lt;P&gt;ip address outside 223.233.x.x.x255.240&lt;/P&gt;&lt;P&gt;ip address inside 10.180.1.113 255.255.255.248&lt;/P&gt;&lt;P&gt;ip address DMZ1 223.233.x.x.x.x.240&lt;/P&gt;&lt;P&gt;no ip address intf3&lt;/P&gt;&lt;P&gt;no ip address intf4&lt;/P&gt;&lt;P&gt;no ip address intf5&lt;/P&gt;&lt;P&gt;ip audit info action alarm&lt;/P&gt;&lt;P&gt;ip audit attack action alarm&lt;/P&gt;&lt;P&gt;failover&lt;/P&gt;&lt;P&gt;failover timeout 0:00:00&lt;/P&gt;&lt;P&gt;failover poll 15&lt;/P&gt;&lt;P&gt;no failover ip address outside&lt;/P&gt;&lt;P&gt;no failover ip address inside&lt;/P&gt;&lt;P&gt;no failover ip address DMZ1&lt;/P&gt;&lt;P&gt;no failover ip address intf3&lt;/P&gt;&lt;P&gt;no failover ip address intf4&lt;/P&gt;&lt;P&gt;no failover ip address intf5&lt;/P&gt;&lt;P&gt;pdm logging informational 100&lt;/P&gt;&lt;P&gt;pdm history enable&lt;/P&gt;&lt;P&gt;arp timeout 14400&lt;/P&gt;&lt;P&gt;global (outside) 1 223.x.x.x.233.74.45 netmask 255.255.255.240&lt;/P&gt;&lt;P&gt;global (outside) 1 223.x.x.46 netmask 255.255.255.240&lt;/P&gt;&lt;P&gt;nat (DMZ1) 1 0.0.0.0 0.0.0.0 0 0&lt;/P&gt;&lt;P&gt;access-group ACL-IN in interface inside&lt;/P&gt;&lt;P&gt;route outside 0.0.0.0 0.0.0.0 223.233.74.1 1&lt;/P&gt;&lt;P&gt;route inside 10.141.0.0 255.255.0.0 10.180.1.117 1&lt;/P&gt;&lt;P&gt;route inside 10.149.0.0 255.255.0.0 10.180.1.117 1&lt;/P&gt;&lt;P&gt;route inside 10.151.0.0 255.255.0.0 10.180.1.117 1&lt;/P&gt;&lt;P&gt;                                                  timeout xlate 3:00:00&lt;/P&gt;&lt;P&gt;timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00&lt;/P&gt;&lt;P&gt;timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00&lt;/P&gt;&lt;P&gt;timeout uauth 0:05:00 absolute&lt;/P&gt;&lt;P&gt;aaa-server TACACS+ protocol tacacs+&lt;/P&gt;&lt;P&gt;aaa-server RADIUS protocol radius&lt;/P&gt;&lt;P&gt;aaa-server LOCAL protocol local&lt;/P&gt;&lt;P&gt;http server enable&lt;/P&gt;&lt;P&gt;http 192.168.1.0 255.255.255.0 inside&lt;/P&gt;&lt;P&gt;no snmp-server location&lt;/P&gt;&lt;P&gt;no snmp-server contact&lt;/P&gt;&lt;P&gt;snmp-server community public&lt;/P&gt;&lt;P&gt;no snmp-server enable traps&lt;/P&gt;&lt;P&gt;floodguard enable&lt;/P&gt;&lt;P&gt;telnet timeout 5&lt;/P&gt;&lt;P&gt;ssh timeout 5&lt;/P&gt;&lt;P&gt;console timeout 0&lt;/P&gt;&lt;P&gt;dhcpd lease 3600&lt;/P&gt;&lt;P&gt;dhcpd ping_timeout 750&lt;/P&gt;&lt;P&gt;dhcpd auto_config outside&lt;/P&gt;&lt;P&gt;terminal width 80&lt;/P&gt;&lt;P&gt;Cryptochecksum:xxxx&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 21 Feb 2020 07:45:28 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/pix-515e/m-p/390613#M554694</guid>
      <dc:creator>ali.asghar</dc:creator>
      <dc:date>2020-02-21T07:45:28Z</dc:date>
    </item>
    <item>
      <title>Re: PIX 515E</title>
      <link>https://community.cisco.com/t5/network-security/pix-515e/m-p/390614#M554696</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;1) There are several ways to accomplish this task.  The easiest way to accomplish this is to use the static command like this:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;static (dmz,outside) 1.2.3.4 1.2.3.4&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;**where 1.2.3.4 is the address you have assigned to the public interface on the 3030&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2) Add the following lines:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;access-list ACL-IN permit udp any host 1.2.3.4 eq 500&lt;/P&gt;&lt;P&gt;access-list ACL-IN permit esp any host 1.2.3.4&lt;/P&gt;&lt;P&gt;access-list ACL-IN permit tcp any host 1.2.3.4 eq 443&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;**again, where 1.2.3.4 is the address assigned to the public interface on the 3030&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Scott&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 19 Nov 2004 03:20:52 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/pix-515e/m-p/390614#M554696</guid>
      <dc:creator>scoclayton</dc:creator>
      <dc:date>2004-11-19T03:20:52Z</dc:date>
    </item>
  </channel>
</rss>

